Yubico Forum
https://forum.yubico.com/

[QUESTION] Use YubiKey 4 on dual booting Mac (osx+windows)?
https://forum.yubico.com/viewtopic.php?f=35&t=2341
Page 1 of 1

Author:  laura [ Sun Jun 12, 2016 4:10 pm ]
Post subject:  [QUESTION] Use YubiKey 4 on dual booting Mac (osx+windows)?

Hi, can anyone help with this?

I've got a Macbook Pro and use a YubiKey 4 (+ a backup!) which is configured in 2 ports (OTP and -i think- Challenge Response Mode). So I use it for LastPass/Google etc online which I believe is the OTP... and also use it when logging into OSX or when coming out of screensaver which I think is the Challenge Response Mode.

I have just installed Windows 10 Pro so my MacBook can run either OSX or Windows, depending on what I choose at start up.

My question is, if my YubiKey is already using both ports, is it possible to use it for signing into Windows as well? Would Windows sign on need to be configured in it's own port or can it use the same configuration I use for the OSX sign on/screensaver?

Ideally I'd like to be able to sign in and unlock screensaver using the YubiKey on both Windows and OSX versions on my MacBook as well as using it for things like LastPass online.

Can I do this? If so, how? I've tried looking for answers on here but can't seem to find one or don't fully understand the set up that is required...

Any help would be much appreciated!

Thanks
Laura

Author:  ChrisHalos [ Tue Jun 14, 2016 4:13 pm ]
Post subject:  Re: [QUESTION] Use YubiKey 4 on dual booting Mac (osx+window

It depends on whether you enabled the setting "require user input" when programming the Challenge-Response credential for OSX. If you didn't, you can use the same credential for Windows Login (but you will still need to follow the setup instructions for the Windows Login Tool, minus the programming of the Challenge-Response credential. If you DID enable "require user input", this credential cannot be used for Windows Login, so you would need to undo the OS X PAM login and start over, making sure that "require user input" isn't enabled when programming the Challenge-Response credential.

Author:  laura [ Tue Jun 14, 2016 6:35 pm ]
Post subject:  Re: [QUESTION] Use YubiKey 4 on dual booting Mac (osx+window

Thanks for your reply!

I don't believe I did enable 'Require User Input' as I followed Yubico's Mac OSX Log on intructions here: https://www.yubico.com/wp-content/uploads/2016/02/Yubico_YubiKeyMacOSXLogin_en.pdf So that's good news!

However, when I go to install the Windows Logon tool it says failed to install because I don't have the .NET framework installed, even though I do have it installed (see screenshots...). Any ideas?

Image

Image

Image

Image

Author:  brendanhoar [ Wed Jun 15, 2016 2:52 pm ]
Post subject:  Re: [QUESTION] Use YubiKey 4 on dual booting Mac (osx+window

You need .Net Framework 3.5, not 4.5.

Newer "versions" of the framework don't "upgrade" older ones, they're a new "target" for programs. If it needs 3.5, you need to install 3.5.

Brendan

Author:  laura [ Thu Jun 16, 2016 2:46 pm ]
Post subject:  Re: [QUESTION] Use YubiKey 4 on dual booting Mac (osx+window

Ah ok thanks! That worked. Following the link from the dialogue box just automatically took me to 4.5 so I assumed it was ok!

So kind-of-success. I have configured 1 YubiKey for windows log on. But when I try to program a backup, as recommended, it stops the other key from working for logon. Is there something I'm missing?

Author:  ChrisHalos [ Mon Jun 20, 2016 5:40 pm ]
Post subject:  Re: [QUESTION] Use YubiKey 4 on dual booting Mac (osx+window

You have to program both YubiKeys with the same Challenge-Response credential, so:

(1) Disable the YubiKey requirement in YubiKey Logon Administration

(2) Follow the steps in the documentation to program the Challenge-Response credential in YubiKey 1

(3) With the Challenge-Response window in the Personalization Tool still open, remove YubiKey 1, insert YubiKey 2 and click "Write Configuration" again

(4) Return to YubiKey Logon Administration and enable the YubiKey requirement, select the user account, click Configure, then Test

(5) Reboot

Both YubiKeys now have the same credential programmed, so you should be able to use either to perform the login.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/