freeradius and yubikeys

Frederic Van Espen at
Sun May 11 10:01:41 CEST 2014

On Sat, May 10, 2014 at 8:01 PM, Arran Cudbard-Bell
<a.cudbardb at> wrote:
> Good catch. Half the original auth code got the passcode from char *passcode, and the other used VALUE_PAIR *request->password *sigh*. Ok, all uses passcode now, should work.

Confirmed working fine now :)

> You know you can do the decryption locally right? You don't need to use their servers. The module didn't even have support for ykclient until they grumbled about it.
> You can put the shared keys in LDAP as well, you just need to figure out a place to stick the replay counters.

I do know :) I'm currently just trying to set up a small prototype,
but admittedly, I haven't done all that much research yet on how to
make things run locally. But I'm really going to use all this in
production, that's certainly the way we'll go.

Thanks a bunch for all your efforts!


More information about the Freeradius-Users mailing list