Yubico Forum https://forum.yubico.com/ |
|
[QUESTION] Windows logon and PasswordSafe config conflict. https://forum.yubico.com/viewtopic.php?f=16&t=1994 |
Page 1 of 1 |
Author: | Yuri82 [ Sun Aug 09, 2015 2:33 am ] |
Post subject: | [QUESTION] Windows logon and PasswordSafe config conflict. |
The primary reason we bought Yubikeys was for PasswordSafe which works well so I decided to add the Windows Logon feature. Both use Challenge-Response in slot 2 with one difference: PasswordSafe: Require user input = true WindowsLogin: Require user input = false I tried it anyway and WindowsLogin w/ "Require user input"=true will work if I press the YubiKey right after pressing enter. It actually worked this way for several reboots over many days so I decided to add the Admin account. This is where it went south. I CANNOT LOGON AS ADMINISTRATOR ANYMORE. When I try to logon as administrator it says "Yubikey logon failed. Please insert correct Yubikey". I used the same YK for both setups. Obviously this is very bad. Meanwhile the user-level account logon with Yubikey works fine. After posting this message I will be working on recovering my computer with a 2 week old backup. In the meantime please do the following: 1) update your windows logon documentation so it explains how to use the Yubikey with "Require user input"= true. Right now it insinuates this is possible yet it is not described. 2) Clarify in your documentation on setup for multiple Windows accounts. Some users have both account types on the same computer and only logon as admin really needed to as it is less secure (i.e. more vulnerable to malware). If each account must use a separate Yubikey this should be explicitly stated in your documentation, it would have saved me many hours of grief. |
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |