documentation:1.9:authyubikey

Authentication	Users	Password
✔

The Yubikey is a small material token shipped by Yubico. It sends an OTP, which is validated against Yubico server.

You need Auth::Yubikey_WebClient package.

You need to get an client ID and a secret key from Yubico. See Yubico API page.

In Manager, go in General Parameters > Authentication modules and choose Yubikey for authentication module.

You can then choose any other module for users and password.

Then, go in Yubikey parameters:

Authentication level: authentication level for this module.
API client ID: API client ID from Yubico
API secret key: API secret key from Yubico
OTP public ID part size: Part of Yubikey OTP that will be used as the media identifier (default: 12)

You have to register the media identifier in your user backend (LDAP or SQL) to match the yubikey with a real user. For example it can be stored as a second value of the uid attribute in the LDAP directory:

uid: coudot
uid: 123456789012

Yubikey

Presentation

Configuration