Yubico Forum
https://forum.yubico.com/

[SOLVED] PIN caching
https://forum.yubico.com/viewtopic.php?f=26&t=2068

Author:  jfm2038 [ Sat Oct 24, 2015 6:02 pm ]
Post subject:  [SOLVED] PIN caching

I use my YubiKey NEOs with the personal PKCS certificate installed in the PIV applet. I also use a VPN client (FortiClient from Fortigate) to access my corporate network.

I have the problem that the VPN client asks me for the PIN many times, because it goes through several connection stages.

The question is: is it possible to enable PIN caching (with a configurable time, if possible) to avoid the annoyance, so that I am asked for the PIN only the first time in each connection? (I work with Windows 7, 64-bit)

Thanks in advance.

Author:  mouse008 [ Sun Nov 15, 2015 11:53 pm ]
Post subject:  Re: [QUESTION] PIN caching

jfm2038 wrote:
I use my YubiKey NEOs with the personal PKCS certificate installed in the PIV applet. I also use a VPN client (FortiClient from Fortigate) to access my corporate network.......
The question is: is it possible to enable PIN caching (with a configurable time, if possible) to avoid the annoyance, so that I am asked for the PIN only the first time in each connection? (I work with Windows 7, 64-bit)
Thanks in advance.


I suspect that the key used for this authentication is the Digital Signature key. I think the PIV standard forbids using that key without a PIN (i.e. one must re-enter the PIN every time this private key is used).

If your VPN client would allow PIN caching and would pass your PIN to NEO every time it's needed - that's up to the client. But I don't think there's a way (or even should be a way) to tell NEO to stop asking for PIN for this key.

Another possibility is to use one of the other keys (the card allows 4 keys in the PIV applet). Probably PIV Auth or Card Auth key would do...

Author:  jfm2038 [ Mon Nov 16, 2015 4:05 pm ]
Post subject:  Re: [SOLVED] PIN caching

Thanks a lot, mouse008

I installed my certificate in slot 9a (PIV Authentication) and the VPN-SSL client asks me for the PIN only in the initial stage of the connection process.

Best regards.
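
Added example, not part of the thread or of any Yubico or Fortinet code: a simplified Python model of the default PIN policies that NIST SP 800-73 assigns to the four standard PIV key slots, counting PIN prompts for a client that does no PIN caching. The three-stage connection and the single card session held across all stages are assumptions made for illustration.

```python
# Simplified model (added example) of default PIV PIN policy per key slot.
from dataclasses import dataclass

# Default PIN policies for the four standard PIV keys (NIST SP 800-73).
PIN_POLICY = {
    "9a": "once",    # PIV Authentication: PIN once per card session
    "9c": "always",  # Digital Signature: PIN before every private-key use
    "9d": "once",    # Key Management: PIN once per card session
    "9e": "never",   # Card Authentication: no PIN required
}


@dataclass
class PivSession:
    """One card session, from applet selection until reset or removal."""
    pin_verified: bool = False  # security status set by a successful VERIFY
    fresh_verify: bool = False  # True only if VERIFY was the previous command
    prompts: int = 0            # times the user was asked for the PIN

    def verify_pin(self) -> None:
        self.prompts += 1
        self.pin_verified = True
        self.fresh_verify = True

    def private_key_op(self, slot: str) -> None:
        policy = PIN_POLICY[slot]
        if policy == "once" and not self.pin_verified:
            self.verify_pin()
        elif policy == "always" and not self.fresh_verify:
            self.verify_pin()
        # Any command uses up the "VERIFY immediately before" condition.
        self.fresh_verify = False


def prompts_for_connection(slot: str, stages: int) -> int:
    """PIN prompts when a non-caching client does `stages` key operations."""
    session = PivSession()
    for _ in range(stages):
        session.private_key_op(slot)
    return session.prompts


if __name__ == "__main__":
    # Constructed scenario: a VPN handshake with three private-key operations.
    for slot in PIN_POLICY:
        print(slot, prompts_for_connection(slot, stages=3))
```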

All times are UTC + 1 hour