Yubico Forum

How does one implement user name + password + yubikey authentication like what is displayed under the 'Start Your Yubikey' link on the website (URL: http://www.yubico.com/demo/two_factor_legacy.php) ?

I have the validation server installed and working. It can be used to verify that the otp generated is a valid one.. but how does one build in user name + password authentication against an AD/LDAP server ? Is this something the product supports ?

Yubico is soon going to release a new version of the Validation and Management Server (which is going to beta in next few days). This new server has a feature to internally store Username/UserID:YubiKeyID mapping. The new server also supports Active Directory/ LDAP intergration for importing the users from organization's LDAP database. The Username/UserID:YubiKeyID mapping is designed to allow assingnment of multiple YubiKeys to the same user. However, a YubiKey can be assigned to only one user.

Using the new YMS server and modified PAM module, system administators can implement a strong two factor authentication mechanism comprising of Username+password+YubiKey OTP. By using the Yubico PAM module, other native PAM modules and the configuration changes suggested by Yubico, system administrators will be able to validate OTPs with the YMS server and the username and password will be sent to the Active Directory/LDAP server for validation to implement strong two factor authentication.