Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 6:51 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 1 post ] 
Author Message
PostPosted: Sun Jun 12, 2016 2:45 am 
Offline

Joined: Sun Jun 12, 2016 2:10 am
Posts: 1
Dear Yubico:

Up-front apology for the length of this. Trying to be as informative as possible from the outset.

For context, the company I work for moved to 2FA a good while back. Most folks installed Google Authenticator on their phones, but I did not have that option and so our IT department got me a YubiKey. At that time the machine I was issued was a Dell Latitude running Windows 7. For VPN, we use OpenVPN. The method that I used was to run OpenVPN, connect to our corporate VPN server, enter my LDAP password, and then I was prompted for the 6-digit code. I used YubiTOTP.exe to copy the 6-digit time-based one-time password to the clipboard, then pasted it into the entry field and everything worked.

I should probably note that I am a "technical" user in that I'm an engineer with many years of software and hardware experience, almost all of which is in the UNIX-family.

Fast forward to today, when my Dell is replaced with a MAC running 10.11.5. I've got the same YubiKey, and am trying to figure out how to use it with OpenVPN.

I've now read the YubiKey 4 product sheet, the YubiKey Manual 3.4, and the Yubico Authenticator User's Guide. However I don't seem to "get it."

Here is what I have done:
    I installed the Yubico Authenticator.
    I inserted the YubiKey 4, and saw the steady green light.
    I check the USB ports and see "Yubico Yubikey II"
    I opened an iTerm, pressed the YubiKey, and saw the expected output per the manual.

Here I seem to come off the rails.
    I start the Yubico Authenticator ("YA") and see a window which indicates "Insert a YubiKey." Yet one is inserted. So I start over.
    I quit the YA and remove the YubiKey.
    I start the YA and then insert the YubiKey, but the YA still shows "Insert a Yubikey."

So this is question #1: Is the above YA behavior normal/expected? If not, what should I do?

Of course, the ultimate goal is to get a 6-digit TOTP out of this, as I did with Windows and YubiTOTP.exe. However, I've re-read parts of the documentation multiple times, and searched the web a good bit, to no avail. I was thinking that I would see some instructions on how to configure the device so that touching the contact switch either short or long would produce a 6-digit TOTP. Surely it's there an I'm blind to it.

So this is question #2: Is there a way to simply be able to put the cursor in the OpenVPN entry field, press the contact switch, and YubiKey enters the 6-digit TOTP?

I also had thought that perhaps there is a way to use the YA as a means to do what YubiTOTP.exe does on Windows, meaning that there would be a way for YA to copy a TOTP to the clipboard allowing me to do the pasting. This seemed hopeful in that there were examples in the YA user's guide that talked of exactly this kind of procedure once one has set up a particular app. However, as far as I can tell, I'm not aware of any QR code or any other credential associated with the OpenVPN client (but I know nothing about it).

And so I reach final question #3: Is there a way to use YA to copy a TOTP to the clipboard, either because there is a credential associated with the OpenVPN client, or because YA can simply do the same thing as YubiTOTP.exe?

Thanks for any and all help.

Blessings,
Doug


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group