freeradius and yubikeys

Scott Ireland sireland+freeradius at ualberta.net
Tue May 13 17:44:03 CEST 2014


On Mon, May 12, 2014 at 3:19 PM, Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:

> > (YubiKeys are definitely more secure and more universal than smartphone
> apps, but there is a cost attached to purchasing and (re-)programming them).
>
> What cost do you see in (re-)programming them out of interest?
>
> There is a yubikey-personalization CLI utility. Integrate that with some
> large USB hubs, D-BUS and some undergraduates and I imagine the programming
> process would be pretty painless?


Corporate environment rather than educational, so at best we have co-op
placements instead of undergraduates.  :P

That said, it's not so much the initial programming of them that scares me
as the inevitable replacement of lost keys (which, in fairness, is just the
initial programming of a spare) and occasionally having to reprogram one
that gets out of sync in weird ways (I actually had a YubiKey's HOTP
counter somehow get behind the server's, which should be impossible, but it
happened and prevented all future authentications until I reset the
server's counter and resynced them).  Put users at enough different sites
and things involving physically touching the keys to fix issues get more
challenging.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140513/1e45789a/attachment-0001.html>


More information about the Freeradius-Users mailing list