You will need to append the PAM file's configuration to have " chalresp_path=/etc/yubico " added to the end. Once the challenge- file is moved to a safer location the PAM file will need to also be modified for this to function correctly. You can move the file from ~/.yubico to /etc/yubico and rename to the login username by running the command ( sudo mv ~/.yubico/challenge- /etc/yubico/`whoami`- ). when moving the challenge-response file to /etc/yubico the filename will need to be changed to username- instead of challenge. After creating a directory named yubico ( sudo mkdir /etc/yubico ). If you would like to add additional layer of security you can change the output of the challenge- file to an area of the OS where you'll need sudo permission to edit the file ( e.g. ![]() Warning: Having a backup YubiKey is strongly recommended so that if your device is lost or broken, you will not be locked out of your computer. If you do not have a backup device available at this time, you can add one later using the same steps as long as you still have access to your account. If you have backup YubiKeys, repeat the steps above to associate them with your account. ![]() If successful, you will see an output such as Stored initial challenge and expected response in '/home//.yubico/challenge-' where is your username and is the serial number printed on the YubiKey. 3 Associating the YubiKey(s) With Your Account Note: Setting up additional YubiKeys is strongly recommended so that if your YubiKey is lost or broken you are not locked out of your computer. Repeat these steps for any additional YubiKeys you want associated with your account. Press Y and then Enter to confirm the configuration.You will have done this if you used the Windows Logon Tool or Mac Logon Tool. ![]() Note: This section can be skipped if you already have a challenge-response credential stored in slot 2 on your YubiKey.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |