Yubico Forum
https://forum.yubico.com/

REQ: Locking the System when removing the Yubikey
https://forum.yubico.com/viewtopic.php?f=4&t=506
Page 1 of 1

Author:  Dane Jones [ Tue Mar 16, 2010 5:29 pm ]
Post subject:  REQ: Locking the System when removing the Yubikey

The idea is that when I remove my Yubikey the system notices the change and locks the system automatically. This seams like it could easily be a generic utility that could perform the operation upon the removal of any USB device identified to trigger the event.

Anyone know of, suggest, ect of a utility that can perform this? Problematically it sounds simple to do but I'm currently lacking the know how to develop such an app. When the mood strikes me I'll attempt to create it myself using AutoIt.

I'm looking for a solution for both Linux and Windows.

Author:  samir [ Wed Mar 17, 2010 1:53 pm ]
Post subject:  Re: REQ: Locking the System when removing the Yubikey

Rohos provides YubiKey based login solutions for Windows and MAC OS platforms which seems to be addressing your requirements. For more information, please visit the Yubico Wiki link given below:

http://wiki.yubico.com/wiki/index.php/A ... c_OS_Logon

We hope this helps!

Author:  erikm [ Thu Mar 29, 2012 8:40 pm ]
Post subject:  Re: REQ: Locking the System when removing the Yubikey

Hello,
I have the same request as Dane. I checked out Rohos but it does more than I need it an actually caused system problems for me. I just posted the request below at MacScripter.net but I would really appreciate advice or help from any of you.
Thank you,
Erik

http://macscripter.net/viewtopic.php?pid=149844

Hello,

I am writing to request help with configuring my MBP so that it the screen will lock when I remove my Yubikey (http://www.yubico.com/personal-use - “The YubiKey is a hardware authentication token that looks like a small USB memory stick, but it is actually a keyboard.”) from a USB port. I do not need any sort of unlocking capability upon reinsertion of the Yubikey.

There is an application called Rohos (http://www.rohos.com/products/rohos-logon-key-for-mac) that can sense removal of the Yubikey and lock the screen. However, the application costs $32 and it does far more than I want it to do. It also caused problems with logging into other user accounts.

There is an application called Proximity (http://code.google.com/p/reduxcomputing-proximity) that will execute a script if a paired Bluetooth device loses connection with the Mac. I like the basic functionality but would like for the trigger to be removal of the USB Yubikey.

I wonder if I could use Launchd (via Lingon) to periodically check (every minute, perhaps) if the specific Yubikey is present. If it is not, it could run an script to that will lock the screen (or activate the screensaver). A script on this site (http://macscripter.net/viewtopic.php?id=24748) seems to contain some of the features I need, but I am not sure if the Yubikey appears to the Mac as the UBS drive does. In terminal I navigated to Volumes and listed the contents but did not see the Yubikey.

Do any of you have any ideas or code?

Thank you!
Erik

Author:  samir [ Fri Mar 30, 2012 3:43 pm ]
Post subject:  Re: REQ: Locking the System when removing the Yubikey

We are not aware of any other product besides Rohos which can meet your requirement for the Mac platform.

You can potentially consider using the cross-platform 'Libykpers' library from Yubico (available at: http://code.google.com/p/yubikey-personalization/) to implement a solution based on the YubiKey challenge/response functionality and use this library to communicate with the YubiKey to present a challenge and read the response. In the challenge-response mode, the application on your system can send a challenge to the YubiKey at regular intervals of time and the YubiKey if present in the USB port will respond to that challenge. If the correct YubiKey is inserted, the response must match with the expected response based on the presented challenge. This library works on Windows, Mac and Linux platforms.

Regarding your other question, the YubiKey presents itself as a USB keyboard to the operating system and not as a USB memory device.

Thanks!
Samir.

Author:  cactusdove [ Fri Mar 04, 2016 1:49 am ]
Post subject:  Re: REQ: Locking the System when removing the Yubikey

I wrote a quick thing for myself, if you have NodeJS 4 or greater installed.

Code:
npm install osx-screensaver usb-detection

Code:
const osxScreensaver = require('osx-screensaver'),
     usbDetect = require('usb-detection'),
     key = {};

usbDetect.find(function(err, devices) {
   devices.forEach(function(device) {
      if (device.manufacturer == "Yubico") {
         key.vid = device.vendorId;
         key.pid = device.productId;
         console.log('found', device, err)
         listen(); // listen for usb removal
      }
   })
});

function listen(){
   usbDetect.on(`remove:${key.vid}:${key.pid}`, function(device) {
      console.log('remove', device);
      osxScreensaver().then(() => {
         console.log('Screensaver started');
      });
   });
}


you could convert this for less then Node 4 pretty easily and also run this as a process with 'forever'.

Author:  jeantil [ Fri Sep 30, 2016 10:17 pm ]
Post subject:  Re: REQ: Locking the System when removing the Yubikey

People reading this thread may be interested in [Project] [OS X] Yubikey Lock and Unlock Daemon for Mac OS X (I know I was :) )

Author:  SporkWitch [ Sun Nov 20, 2016 2:05 am ]
Post subject:  Re: REQ: Locking the System when removing the Yubikey

OSX == UNIX. Does it have / use udev? If so, the udev rules we've been using for years for this functionality on linux should work on Mac as well with only minor modification.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/