Yubico Forum
https://forum.yubico.com/

yubico-pam with ykval validation server
https://forum.yubico.com/viewtopic.php?f=3&t=500
Page 1 of 1

Author:  mgb [ Thu Mar 11, 2010 8:22 pm ]
Post subject:  yubico-pam with ykval validation server

Hi guys,


Quick question... yubico-pam has a client-id parameter that the module takes, but shouldn't this be provided per user as part of the mapping file? It seems to me that the ykval server is filtering replay attacks by tracking that id and the OTP, and then YKKSM is validating the OTP portion of the request if the other checks pass. Is the client-id site wide, or is there some other way it needs to be configured? I have a multi user machine I am trying to get dual factor auth working against my own ykval server.


Thanks.

Author:  samir [ Fri Mar 12, 2010 1:36 pm ]
Post subject:  Re: yubico-pam with ykval validation server

The Client ID parameter used in the Yubico PAM module is the API ID parameter. The API ID concept is designed to use an API ID per site / application / service and not per YubiKey. For more information, please visit the following forum link:

viewtopic.php?f=3&t=484&p=2053&hilit=per+site#p2053

We hope this helps!

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/