Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 12:18 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Fri Aug 14, 2015 11:50 am 
Offline

Joined: Fri Aug 14, 2015 11:20 am
Posts: 1
Hi everyone,
some time ago I made a simple solution for the OS X locking and locking with yubikey and I made it available on github at https://github.com/shtirlic/yubikeylockd , I am using it for a while and it works good for me.

Installation

Code:
git clone https://github.com/shtirlic/yubikeylockd.git
cd yubikeylockd && make all


How it works

When you attach Yubikey for the first time launchctl will run yubikeylockd daemon
that will simply monitor the state of the given USB device.
Daemon based on the sample provided by Apple for IOKit development.

It does two things:
  • when device is attached it makes activity via IOPMAssertionDeclareUserActivity call to turn screen on
  • after device is detached it uses IORequestIdle to put display to sleep and (if you configured it) also lock the OS X


Last edited by Sh71rlic on Tue Oct 06, 2015 8:38 pm, edited 6 times in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Aug 20, 2015 10:19 am 
Offline
Site Admin
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
moved to community projects


Top
 Profile  
Reply with quote  
PostPosted: Fri Sep 30, 2016 10:23 pm 
Offline

Joined: Fri Sep 30, 2016 9:54 pm
Posts: 2
The readme on github mentions 2 requirements:
* Configured integration with Yubico PAM module
* Require password immediately after sleep or screen saver begins

while the second makes sense, what does the yubico pam integration bring ? I found a tutorial about it at some point but it would only add the yubikey as a 2nd authentication factor (requiring a pin in addition to the password). Have you been able to work around that and at least remove password entry ?

I am hoping this daemon can be modified to allow for a relaxed security mode. In which it would behave like [url=https://code.google.com/archive/p/reduxcomputing-proximity/]proximity[url] and allow lock / unlock only based on the physical device presence with no additional input. (and yes I am aware that this lowers the security of the system compared to 2 factor, I still think user experience and security is better than the classical password).


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group