Q: Does the Yubico authentication server keep its own list of users or can it access a list of users from other directory servers? The user attributes (home directory, id, groups, shell etc) will be provided via LDAP. I presume that Yubico will not have any effect on obtaining these using the means defined in the LDAP configuration files?
A: No, our Yubico server is "stupid" in the sense that it doesn't know about users at all. It only says YES or NO to a particular OTP. All authorization decisions need to be made by the consumer system.
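Added example (not Yubico's code) of what the answer leaves to the consumer system: binding a token to a user and deciding authorization locally, with the validation server supplying only the YES/NO. Assumptions: the `DIRECTORY` dict stands in for attributes fetched from LDAP, `validate_otp` is a hypothetical callable wrapping the call to the validation server, and the token public ID is taken as the characters preceding the final 32 modhex characters of the OTP.

```python
import re

MODHEX = "cbdefghijklnrtuv"                    # Yubico OTP alphabet
OTP_RE = re.compile(f"[{MODHEX}]{{32,48}}")    # 0-16 char public ID + 32 char ciphertext

def public_id(otp):
    """Token public ID: whatever precedes the final 32 modhex characters."""
    return otp[:-32]

def authenticate(username, otp, directory, validate_otp, required_group):
    """Consumer-side decision; validate_otp only answers YES/NO for the OTP."""
    entry = directory.get(username)
    if entry is None or not OTP_RE.fullmatch(otp):
        return False
    # Bind token to user here: the validation server has no notion of users,
    # so without this check any genuine token would pass for any account.
    if public_id(otp) not in entry["token_ids"]:
        return False
    if not validate_otp(otp):                   # YES/NO from the validation server
        return False
    return required_group in entry["groups"]    # authorization stays local

# Constructed sample data (stand-in for LDAP attributes; all values are made up).
ALICE_ID, BOB_ID = "ccccccbdefgh", "ccccccijklnr"
ALICE_OTP = ALICE_ID + MODHEX * 2
BOB_OTP = BOB_ID + MODHEX * 2
DIRECTORY = {"alice": {"token_ids": {ALICE_ID}, "groups": {"ssh-users"}}}

def server_says_yes(otp):
    """Hypothetical stand-in for the validation server: both OTPs are genuine."""
    return otp in {ALICE_OTP, BOB_OTP}

if __name__ == "__main__":
    cases = [(ALICE_OTP, "ssh-users"), (BOB_OTP, "ssh-users"), (ALICE_OTP, "admins")]
    for otp, group in cases:
        ok = authenticate("alice", otp, DIRECTORY, server_says_yes, group)
        print(public_id(otp), group, ok)
```

The second case is the one to note: the server answers YES for a genuine OTP from another token, and only the consumer's own token-to-user check rejects it.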