Table of Contents

Yubikey Second Factor

The Yubikey is a small material token shipped by Yubico. It sends an OTP, which is validated against Yubico server.

Prerequisites and dependencies

You need Auth::Yubikey_WebClient package.

You need to get an client ID and a secret key from Yubico. See Yubico API page.

Configuration

In the manager (second factors), you just have to enable it:

If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule: $_yubikeys, else Yubikey will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.

Provisioning

If you don't want to use self-registration, set public part of user's yubikey (12 first characters) in an attribute mapped to _yubikeys. Multiples values are allowed (space or comma separated).