Yubico Forum
https://forum.yubico.com/

[Project] [OS X] Yubikey Lock and Unlock Daemon for Mac OS X
https://forum.yubico.com/viewtopic.php?f=8&t=1997

Author:  Sh71rlic [ Fri Aug 14, 2015 11:50 am ]
Post subject:  [Project] [OS X] Yubikey Lock and Unlock Daemon for Mac OS X

Hi everyone,
some time ago I made a simple solution for locking and unlocking OS X with a Yubikey, and I made it available on GitHub at https://github.com/shtirlic/yubikeylockd. I have been using it for a while and it works well for me.

Installation

Code:
git clone https://github.com/shtirlic/yubikeylockd.git
cd yubikeylockd && make all


How it works

When you attach the Yubikey for the first time, launchctl will run the yubikeylockd daemon, which will simply monitor the state of the given USB device.
The daemon is based on the sample provided by Apple for IOKit development.

It does two things:
  • when the device is attached, it makes activity via the IOPMAssertionDeclareUserActivity call to turn the screen on
  • after the device is detached, it uses IORequestIdle to put the display to sleep and (if you configured it) also lock OS X

Author:  Tom2 [ Thu Aug 20, 2015 10:19 am ]
Post subject:  Re: Yubikey Locking and Unlocking Daemon for OS X

moved to community projects

Author:  jeantil [ Fri Sep 30, 2016 10:23 pm ]
Post subject:  Re: [Project] [OS X] Yubikey Lock and Unlock Daemon for Mac

The readme on GitHub mentions 2 requirements:
* Configured integration with Yubico PAM module
* Require password immediately after sleep or screen saver begins

While the second makes sense, what does the Yubico PAM integration bring? I found a tutorial about it at some point, but it would only add the Yubikey as a 2nd authentication factor (requiring a PIN in addition to the password). Have you been able to work around that and at least remove password entry?

I am hoping this daemon can be modified to allow for a relaxed security mode, in which it would behave like proximity (https://code.google.com/archive/p/reduxcomputing-proximity/) and allow lock / unlock based only on the physical device presence with no additional input. (And yes, I am aware that this lowers the security of the system compared to 2 factor; I still think user experience and security is better than the classical password.)

All times are UTC + 1 hour