Yubikey

Configuration

For Yubikey OTP token authentication, first configure your Yubikey. After this, make sure to request a Client ID and Secret key pair.

Now configure the yubikeyclientid and yubikeysecret fields in the general section in the configuration file.

To enable Yubikey OTP authentication for a user, you must specify their Yubikey ID on the users yubikey field. The Yubikey ID is the first 12 characters of the Yubikey OTP, as explained in the below chart.

When a user has been configured with either one of the OTP options, the OTP authentication is required for the user. If both are configured, either one will work.

Example Configuration

Global setting:

yubikeyclientid = "yubi-api-clientid"
yubikeysecret = "yubi-api-secret"
yubikeyclientid = "yubi-api-clientid"
yubikeysecret = "yubi-api-secret"

User setting:

[[users]] 
  name = "otpuser"
  uidnumber = 5004
  primarygroup = 5501
  passsha256 = "652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0" # mysecret
  otpsecret = "3hnvnk4ycv44glzigd6s25j4dougs3rk"
  yubikey = "vvjrcfalhlaa" 
    [[users.capabilities]]
    action = "search"
    object = "ou=superheros,dc=glauth,dc=com"
[[users]] # [tl! focus:1]
  name = "otpuser"
  uidnumber = 5004
  primarygroup = 5501
  passsha256 = "652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0" # mysecret
  otpsecret = "3hnvnk4ycv44glzigd6s25j4dougs3rk"
  yubikey = "vvjrcfalhlaa" # [tl! focus:3]
    [[users.capabilities]]
    action = "search"
    object = "ou=superheros,dc=glauth,dc=com"

• OpenSSH Keys
• Multi Factor Auth