Yubico Forum

Hi everyone,
some time ago I made a simple solution for the OS X locking and locking with yubikey and I made it available on github at https://github.com/shtirlic/yubikeylockd , I am using it for a while and it works good for me.

Installation



How it works

When you attach Yubikey for the first time launchctl will run yubikeylockd daemon
that will simply monitor the state of the given USB device.
Daemon based on the sample provided by Apple for IOKit development.

It does two things:

• when device is attached it makes activity via IOPMAssertionDeclareUserActivity call to turn screen on
• after device is detached it uses IORequestIdle to put display to sleep and (if you configured it) also lock the OS X

moved to community projects

The readme on github mentions 2 requirements:
* Configured integration with Yubico PAM module
* Require password immediately after sleep or screen saver begins

while the second makes sense, what does the yubico pam integration bring ? I found a tutorial about it at some point but it would only add the yubikey as a 2nd authentication factor (requiring a pin in addition to the password). Have you been able to work around that and at least remove password entry ?

I am hoping this daemon can be modified to allow for a relaxed security mode. In which it would behave like [url=https://code.google.com/archive/p/reduxcomputing-proximity/]proximity[url] and allow lock / unlock only based on the physical device presence with no additional input. (and yes I am aware that this lowers the security of the system compared to 2 factor, I still think user experience and security is better than the classical password).