‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Sunday, February 16, 2020 11:51 AM, Paco Esteban <p...@e1e0.net> wrote:
> On Sat, 15 Feb 2020, Predrag Punosevac wrote: > > > The idea is to use yubikey as a challenge for a console login. I tried > > first to configure /etc/login.conf just to use yubikey > > auth-defaults:auth=yubikey: > > However, I see > > oko# tail -3 authlog > > Feb 15 23:29:15 oko yubikey: user predrag failed: password too short. > > Feb 15 23:29:15 oko yubikey: user predrag: reject > > Feb 15 23:43:09 oko su: predrag to root on /dev/ttyC0 > > I used advanced mode in yubikey-personalization-gui and generated public > > key of lenght 16 instead of default 6. No avail. Then I realized that > > 010: SECURITY FIX: December 4, 2019 All architectures > > libc's authentication layer performed insufficient username validation. > > Is it possible to use yubikey for console authentication or does above > > patch disables it completely? > > I use it on a daily basis no problem. > > Have you read login_yubikey(8) ? At some point it says: > > login_yubikey will read the user's UID (12 hex digits) from the file > user.uid, the user's key (32 hex digits) from user.key, and the user's > last-use counter from user.ctr in the /var/db/yubikey directory. > > Not sure if you already did that. But that may be it. Beside the man page, also Roman Zolotarev’s guide help at https://rgz.ee/openbsd/yubikey.html (I use with YubiKey 5 nfc and openbsd 6.6) > > Cheers, > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > Paco Esteban. > 5818130B8A6DBC03 — Luis Bandarra
