Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 3:03 pm

All times are UTC + 1 hour

Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Thu Oct 18, 2012 1:07 am 

Joined: Thu Oct 18, 2012 12:59 am
Posts: 1
I've been searching for a solution, and I will admit I'm not very good with FreeRADIUS (yet...). I set up the YubiRADIUS VA successfully, and am able to authenticate via RADIUS with an Apache page. I want to implement this for a large group of users, but I am not able to purchase Yubikeys for everyone. I would like to have the Yubikey authorization to be toggle-able for a user.

For example:

User1 is a system administrator. Their account has access to sensitive information. User2 is a standard user, which has access to only non-sensitive systems and data. Assume Active Directory.

User1 has a Yubikey assigned to them. They will always need to use their Yubikey when they want to log in (appended to their password).
User2 does not have a Yubikey. They should be able to use their username and password, without a Yubikey.

Both authorizations would be done against the same RADIUS server. Even better would be to do this with groups (members of a certain group require Yubikeys).

Is there any way to get this going? I know the ideal solution is to give everyone a Yubikey, but that is not practical for my application.

-Andrew, lurch89

Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Fri Dec 07, 2012 9:10 am 

Joined: Thu Nov 10, 2011 8:48 pm
Posts: 22
You can assign a temporary fixed code to user2.
Inform user2 about the code and user2 can then login using his normal credentials and use the temporary code in the yubikey field.
Temporary codes can be set from the yubiradius management page.

We use this if someone has lost his yubikey and needs access to our Citrix farm.
We then set the temp. code to be valid for only 2 or 3 days, the time it takes for the new yubikey to reach him.

Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour

Who is online

Users browsing this forum: No registered users and 0 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group