Yubico Forum
https://forum.yubico.com/

[QUESTION] Configuration for multiple local Mac OS X users?
https://forum.yubico.com/viewtopic.php?f=23&t=1419

Author:  fho [ Fri Jul 04, 2014 9:02 am ]
Post subject:  [QUESTION] Configuration for multiple local Mac OS X users?

Hi,

I've successfully installed and configured Yubico PAM to use two YubiKeys for a local Mac User (10.9) in challenge-response mode (Login, Screensaver and sudo for now).

Problem: now other local users cannot log in, because they don't have a challenge-response pair yet :-(

How do I set up Yubico PAM for those other users (I can log in to them via terminal)?

Thanks!
Frank

Author:  Tom [ Mon Jul 07, 2014 9:42 am ]
Post subject:  Re: [QUESTION] Configuration for multiple local Mac OS X use

http://opensource.yubico.com/yubico-pam/

Create an /etc/yubikey_mappings file. The file must contain a user name and the YubiKey token ID separated by colons (same format as the passwd file) for each user you want to allow onto the system using a YubiKey.

The mappings should look like this, one per line:

<first user name>:<Yubikey token ID1>:<Yubikey token ID2>:….
<second user name>:<Yubikey token ID3>:<Yubikey token ID4>:….

Author:  fho [ Tue Jul 08, 2014 4:38 pm ]
Post subject:  Re: [QUESTION] Configuration for multiple local Mac OS X use

Thanks Tom, but I thought this would only apply to the OTP method but not to challenge-response (at least, I got it working without any mappings)?

In the meantime I found a workaround by copying challenge-response pairs to the other local users' directories, immediately after configuring authorization PAM from the local admin user's account:
Code:
sudo cp ~/.yubico/challenge-1234567 /Users/user2/.yubico/challenge-1234567

Plus chown to user2 and repeating it for all other YubiKeys of that user.
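
A check that can be run after the copy-and-chown workaround above, added here as an example and not part of the original thread: it reports users with no challenge file, files not owned by the user, and files accessible beyond the owner. The function names, the permission policy and the assumption that each home directory under /Users is named after its account are illustrative.

```shell
#!/bin/sh
# Added example: audit per-user pam_yubico challenge-response files.

# flag <tag> <owner> <paths>: print one finding per path; non-zero if any.
flag() {
    [ -n "$3" ] || return 0
    printf '%s\n' "$3" | while IFS= read -r p; do echo "$1 $2: $p"; done
    return 1
}

# audit_user <home-dir> <owner>: owner is an account name or numeric uid.
audit_user() {
    dir=$1/.yubico owner=$2 rc=0
    # No challenge file means this user fails the challenge-response step,
    # which is the lockout described in the first post.
    if [ ! -d "$dir" ] ||
       [ -z "$(find "$dir" -type f -name 'challenge-*' | head -n 1)" ]; then
        echo "MISSING $owner: no challenge-* file in $dir"
        return 1
    fi
    # A file copied with sudo is owned by root until the chown step is done.
    bad=$(find "$dir" ! -user "$owner" 2>/dev/null) || {
        echo "CHECK_FAILED $owner: unknown account or unreadable $dir"
        return 1
    }
    flag WRONG_OWNER "$owner" "$bad" || rc=1
    # Assumption (hardening, not from the thread): nothing under .yubico
    # should carry any group or other permission bit.
    loose=$(find "$dir" \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    flag LOOSE_PERMS "$owner" "$loose" || rc=1
    return $rc
}

# audit_all <users-root>: assumes each home directory is named after its
# account, as under /Users on OS X; /Users/Shared is not an account.
audit_all() {
    all=0
    for h in "$1"/*; do
        [ -d "$h" ] || continue
        [ "$(basename "$h")" = Shared ] && continue
        audit_user "$h" "$(basename "$h")" || all=1
    done
    return $all
}
# Typical use, as root: audit_all /Users
```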

All times are UTC + 1 hour