documentation:2.0:authyubikey

Authentication	Users	Password
✔

The Yubikey is a small material token shipped by Yubico. It sends an OTP, which is validated against Yubico server.

You need Auth::Yubikey_WebClient package.

You need to get an client ID and a secret key from Yubico. See Yubico API page.

To use your Yubikeys as “second factor”, use Universal 2nd Factor Authentication (U2F) instead of this module

In Manager, go in General Parameters > Authentication modules and choose Yubikey for authentication module.

You can then choose any other module for users and password.

Then, go in Yubikey parameters:

Authentication level: authentication level for this module.
API client ID: API client ID from Yubico
API secret key: API secret key from Yubico
OTP public ID part size: Part of Yubikey OTP that will be used as the media identifier (default: 12)

You have to register the media identifier in your user backend (LDAP or SQL) to match the yubikey with a real user. For example it can be stored as a second value of the uid attribute in the LDAP directory:

uid: coudot
uid: 123456789012

Yubikey

Presentation

Configuration