Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:00 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 1 post ] 
Author Message
PostPosted: Fri Jan 01, 2016 9:47 pm 
Offline

Joined: Tue Dec 08, 2015 12:25 am
Posts: 1
Re: Yubikey 4 standard; Windows 10; KeePass; Using both slots.

All, It took me several days to figure this out, so I thought I'd share what worked and what did not:

1. The Yubikey Personalization Tool: Every time you update settings on a Slot or write configuration, use the same configuration log file. I mistakenly thought each feature used its own config file, but only one is needed. It is a .csv file with a row added each time Settings are updated or a Write Configuration is done. So, in this example, in the end you will find one row each for OATH-HOTP and Challenge-Response (see attached snapshot).

2. KeePass v. 2.30:
Use instructions at https://www.yubico.com/applications/password-management/consumer/keepass/.
I use Slot 1, Look-ahead count = 6. Why Slot 1? I use the same Yubikey 4 stick for Windows logon. Windows logon would work for me only in Slot 2, so KeePass' OATH-HOTP is configured in Slot 1.
My .kbdx file is in a locally-shared folder along with the YubiKey configuration file so I can get to it from any of the other accounts on the PC without confusing the "count."
A portable copy of the .kbdx kept on a thumbdrive still uses a Master Password.

3. Windows 10 Logon
I did not enable the built-in administrator account. Instead, I created a new, local account; promoted it to administrator; configured Yubikey 4's slot 2 according to https://www.yubico.com/wp-content/uploads/2013/02/Windows-Login-YubiKey-Configuration.pdf.
After convincing myself that the NewAdmin logon worked fine with YubiKey enabled, I demoted my own account to standard user. Now the PC behaves more like LINUX: if I want to do admin work from my own account, Windows asks me for the NewAdmin's logon info - which is managed by YubiKey.

-- Oji --


Attachments:
File comment: Only one configuration log file needed!
Config_Log.png
Config_Log.png [ 3.49 KiB | Viewed 3152 times ]
Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group