debian man page for ykpamcfg

Query: ykpamcfg

OS: debian

Section: 1

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

ykpamcfg(1)						      General Commands Manual						       ykpamcfg(1)

NAME
ykpamcfg - Manage user settings for the Yubico PAM module.
SYNOPSIS
ykpamcfg [-1 | -2] [-A] [-v] [-h]
OPTIONS
-1 use slot 1. This is the default. -2 use slot 2. -A action choose action to perform. See ACTIONS below. -v enable verbose mode.
ACTIONS
add_hmac_chalresp The PAM module can utilize the HMAC-SHA1 Challenge-Response mode found in YubiKeys starting with version 2.2 for offline authentica- tion. This action creates the initial state information with the C/R to be issued at the next logon. The utility currently outputs the state information to a file in the current user's home directory (~/.yubico/challenge-123456 for a YubiKey with serial number API readout enabled, and ~/.yubico/challenge for one without). The PAM module supports a system wide directory for these state files (in case the user's home directories are encrypted), but in a system wide directory, the 'challenge' part should be replaced with the username. Example : /var/yubico/challenges/alice-123456. To use the system-wide mode, you currently have to move the generated state files manually and configure the PAM module accordingly.
EXAMPLE
First, program a YubiKey for challenge response on Slot 2 : $ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible ... Commit? (y/n) [n]: y $ Now, set the current user to require this YubiKey for logon : $ ykpamcfg -2 -v ... Stored initial challenge and expected response in '/home/alice/.yubico/challenge-123456'. $ Then, configure authentication with PAM for example like this (make a backup first) : /etc/pam.d/common-auth (from Ubuntu 10.10) : auth required pam_unix.so nullok_secure try_first_pass auth [success=1 new_authtok_reqd=ok ignore=ignore default=die] pam_yubico.so mode=challenge-response auth requisite pam_deny.so auth required pam_permit.so auth optional pam_ecryptfs.so unwrap
BUGS
Report ykpamcfg bugs in the issue tracker <http://code.google.com/p/yubico-pam/issues/list>
SEE ALSO
The yubico-pam home page <http://code.google.com/p/yubico-pam/> YubiKeys can be obtained from Yubico <http://www.yubico.com/>. yubico-pam March 2011 ykpamcfg(1)
Related Man Pages
fingerprint-auth-ac(5) - centos
system-auth-ac(5) - centos
postlogin-ac(5) - centos
yhsm-validation-server(1) - debian
ykpersonalize(1) - debian
Similar Topics in the Unix Linux Community
Insert a line
reading from 2 files through while loop
Help
Perl: Instering Names in to Text.
Automating a Challenge/Response Method.