Yubico Forum

I've followed the steps in both https://github.com/Yubico/yubico-pam and https://developers.yubico.com/yubico-pam/MacOS_X_Challenge-Response.html to get forced authentication to work on my Mac.

I'm running into one issue that I hope is fixable and second feature that I hope exists.

Issue 1.

I can successfully force 2 factor authentication against my account (an Active Directory Account) but my root account and local admin account cannot login with or without my yubikey while this is enabled. Is there a way to set which accounts require this authentication?


Sought Feature.
Is it possible to have my computer lock when i pull the Yubikey out of its USB port? There are times i need to rush away from my computer and pulling the Yubikey would be the most ideal way to quickly secure my machine.

Add users to a "yubikey" group for Yubikey authentication to selectively apply 2-FA to certain users.

Someone on this forum wrote an app named Yubi Monitor. It locks windows when the key is removed. Unfortunately only used the serial number to validate the key. Would be great to have something similar working in challenge-response for example.