Yubico Forum

Hello,

I was wondering if someone might be able to help me with this.

I would like a piece of software to run on my terminal servers that only allows log in if the Yubikey (which is assosciated to an individiual user) is plugged in and the user enters their Windows domain password correctly.

I do not want an extra PIN for users to remember. I want each Yubikey to be assosciated with an individual user. I do not want the user's password stored on the Yubikey, just an identifier to say 'this is user1'.

I would also like some software to centrally manage the Yubikeys to assign user IDs to the keys and to disable them if needed.

Is this possible? What software do I need?

Regards


James

The YubiKey is a primarily a onetime password generator device and has very little memory, only enough for its base functionality. A YubiKey cannot be used as a general password storage device. Whenever, the YubiKey button is pressed, it generates a one time password which is valid only once.

The YubiKey is a write only device i.e. information can only be written to YubiKey and can not be read from it. Hence it is not possible to determine automatically (by reading the information stored in the YubiKey) if the YubiKey belongs to a particular user or not. Users need to provide YubiKey OTP at the time of authentication so that the username to YubiKey mapping can be verified.

AuthLite software provides YubiKey based two factor authentication for Windows Logon based on YubiKey OTP and user's Windows domain credentials. AuthLite also provides centralized management of the YubiKeys. However, we are not sure if it provides YubiKey based authentication for remote terminal access. Please contact AuthLite support for more information about their product.