Yubico Forum

Hi, I hope this is not the totally wrong forum for this question.
I want to use a yubikey to authenticate on Linux against an radius server. This already works.
We also want to authenticate our Windows machines against AD using AuthLite. Unfortunately I was not able to do so using the same profile on the yubikey.
I am configuring my yubikey this way on Linux and insert it into the yubipam configuration:


This works without a problem.
I got some xml files from the workmate that is responsible for the AuthLite/AD integration.
My idea was to extract the data from the xml file and configure it into yubipam.
The xml file looks like this:


I simply assumes AES-key = AES-key and tried to reuse the aes key in yubipam:

Unfortunately this does not work:

The OTP has the same length. The PublicIdReadable from the xml file is the hex representation of the modhex from the key.
This can be checked this way:


Using the same profile in two authentication systems should work. At least I had no problems authentication against freeradius/yubipam at work and yubipam at home with the same yubikey and same profile.

Please help me.
Best regards.

I see you also opened a support request at our site, so I'll continue with you over there. I just wanted to post this here in case someone else had the same question.

Your assumption about the AES key is wrong. We encrypt that value for export, mostly for historical reasons.

Anyway, you super should not do the thing you are trying to do. Sharing a single yubikey across more than one authority makes you vulnerable to cross authority replay attacks. If you want to use AD as the central store for your users, AuthLite can do everything and you don't need any of the Yubico software.

If you need to have separate authorities, then you should use separate yubikeys.