Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 10:41 am

All times are UTC + 1 hour

Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Wed Apr 22, 2015 12:09 pm 

Joined: Wed Apr 22, 2015 11:51 am
Posts: 1

We ordered a batch of limited edition 3-colour yubikeys (red/white/green) and the first short-press slot is working fine in OTP mode, but we're having trouble with the long-press second slot. Are there some limitations on these yubikeys that would prevent us from using the second slot in otp mode?

We're programming both slots into otp mode using the personalization tool on windows, closing the tool and then adding a keypress and aes code into the local yubipam user helper. The first slot will authenticate fine and returns codes yubipam accepts, yubipam rejects all logins from the second slot.

This was tested by reinitialising both slots on the yubikey, registering each slot against a new user and then only the user mapped to the first slot works, the user mapped to the second slot cannot authenticate at all.

We have tested some upgrades and alternative versions of yubipam, but it only appears to be these new yubikeys and the second slot it has issue with. An older yubikey running firmware 2.2.3 works fine, the new ones just dont seem to be happy with that second slot.

Any ideas? I've included some data below that may be useful but some help would be much appreciated!


[11:32 root:~]# ykpasswd -a -u test1 -o vvibuirgjcelegnvclekiltljngchvfnifvlnfnnvtgh
Adding Yubikey entry for test1
AES key [exactly 32 hex chars]: 3bcfef7da404e7f700719af19d6106b7
Using public UID: ff 71 e7 c5 80 3a
Using private UID: 22 ff f8 14 3a 05
Completed successfully.
[11:34 root:~]# ykpasswd  -a -u test2 -o vvntfltfgncgurnuegciulbfrejntnlclnuledudhbrc
Adding Yubikey entry for test2
AES key [exactly 32 hex chars]: 1031577e37f3709f8b3e1c9ef0b906d1
Using public UID: ff bd 4a d4 5b 05
Using private UID: 98 a8 76 3a 8d 8b
# first press of slot 1
[11:34 root:~]# ykvalidate -u test1 vvibuirgjceluvbklnienvbvvlllrjrrcvrhkgviriev
test1: OTP is VALID.
# first press of slot 2
[11:34 root:~]# ykvalidate -u test2 vvntfltfgncgcgjtinntuitctlgthrbedcnfdbbgdrnv
test2: OTP is INVALID!

We then reran it with an older yubikey:

[12:07 root:~]# ykpasswd -a -u test1 -o vvedjfgfrtdfkfhikugekeckgdbhvlukvdgddhevvbcu
Adding Yubikey entry for test1
AES key [exactly 32 hex chars]: 73a6ad28ea768aabe735d66000bc594d
Using public UID: ff 32 84 54 cd 24
Using private UID: be 62 3c 0b 7a df
Completed successfully.
[12:07 root:~]# ykpasswd -a -u test2 -o vvbueitifvlecnvtnhffieiuurcubgfencejrcnkuhii
Adding Yubikey entry for test2
AES key [exactly 32 hex chars]: 06a6bbd78aecdf22926bbd55228023e2
Using public UID: ff 1e 37 d7 4f a3
Using private UID: 91 ce 05 ef 55 7a
Completed successfully.
[12:07 root:~]# ykvalidate -u test1 vvedjfgfrtdfknukvigjnrnnjtdrnjnhrnrjbcchubcv
test1: OTP is VALID.
[12:07 root:~]# ykvalidate -u test2 vvbueitifvlegvnvhcfibivcnubviijcrhcnjhgltjkh
test2: OTP is VALID.

Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Apr 23, 2015 9:18 am 
Site Admin
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
please contact yubi.co/support

Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour

Who is online

Users browsing this forum: No registered users and 4 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group