Yubico Forum https://forum.yubico.com/ |
|
Issue with OTP second slot on limited edition yubikeys https://forum.yubico.com/viewtopic.php?f=16&t=1847 |
Page 1 of 1 |
Author: | frog [ Wed Apr 22, 2015 12:09 pm ] |
Post subject: | Issue with OTP second slot on limited edition yubikeys |
Hi, We ordered a batch of limited edition 3-colour yubikeys (red/white/green) and the first short-press slot is working fine in OTP mode, but we're having trouble with the long-press second slot. Are there some limitations on these yubikeys that would prevent us from using the second slot in otp mode? We're programming both slots into otp mode using the personalization tool on windows, closing the tool and then adding a keypress and aes code into the local yubipam user helper. The first slot will authenticate fine and returns codes yubipam accepts, yubipam rejects all logins from the second slot. This was tested by reinitialising both slots on the yubikey, registering each slot against a new user and then only the user mapped to the first slot works, the user mapped to the second slot cannot authenticate at all. We have tested some upgrades and alternative versions of yubipam, but it only appears to be these new yubikeys and the second slot it has issue with. An older yubikey running firmware 2.2.3 works fine, the new ones just dont seem to be happy with that second slot. Any ideas? I've included some data below that may be useful but some help would be much appreciated! Cheers, Code: [11:32 root:~]# ykpasswd -a -u test1 -o vvibuirgjcelegnvclekiltljngchvfnifvlnfnnvtgh
Adding Yubikey entry for test1 AES key [exactly 32 hex chars]: 3bcfef7da404e7f700719af19d6106b7 Using public UID: ff 71 e7 c5 80 3a Using private UID: 22 ff f8 14 3a 05 Completed successfully. [11:34 root:~]# ykpasswd -a -u test2 -o vvntfltfgncgurnuegciulbfrejntnlclnuledudhbrc Adding Yubikey entry for test2 AES key [exactly 32 hex chars]: 1031577e37f3709f8b3e1c9ef0b906d1 Using public UID: ff bd 4a d4 5b 05 Using private UID: 98 a8 76 3a 8d 8b # first press of slot 1 [11:34 root:~]# ykvalidate -u test1 vvibuirgjceluvbklnienvbvvlllrjrrcvrhkgviriev test1: OTP is VALID. # first press of slot 2 [11:34 root:~]# ykvalidate -u test2 vvntfltfgncgcgjtinntuitctlgthrbedcnfdbbgdrnv test2: OTP is INVALID! We then reran it with an older yubikey: [12:07 root:~]# ykpasswd -a -u test1 -o vvedjfgfrtdfkfhikugekeckgdbhvlukvdgddhevvbcu Adding Yubikey entry for test1 AES key [exactly 32 hex chars]: 73a6ad28ea768aabe735d66000bc594d Using public UID: ff 32 84 54 cd 24 Using private UID: be 62 3c 0b 7a df Completed successfully. [12:07 root:~]# ykpasswd -a -u test2 -o vvbueitifvlecnvtnhffieiuurcubgfencejrcnkuhii Adding Yubikey entry for test2 AES key [exactly 32 hex chars]: 06a6bbd78aecdf22926bbd55228023e2 Using public UID: ff 1e 37 d7 4f a3 Using private UID: 91 ce 05 ef 55 7a Completed successfully. [12:07 root:~]# ykvalidate -u test1 vvedjfgfrtdfknukvigjnrnnjtdrnjnhrnrjbcchubcv test1: OTP is VALID. [12:07 root:~]# ykvalidate -u test2 vvbueitifvlegvnvhcfibivcnubviijcrhcnjhgltjkh test2: OTP is VALID. |
Author: | Tom2 [ Thu Apr 23, 2015 9:18 am ] |
Post subject: | Re: Issue with OTP second slot on limited edition yubikeys |
please contact yubi.co/support |
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |