FreeBSD + Yubikey NEO in OATH-HOTP mode?

2015-07-09 Thread Lev Serebryakov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Does somebody succeed to setup FreeBSD for usage with Yubikey NEO token without Yubico authentication service, with OATH-HOTP? - -- // Lev Serebryakov -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQJ8BAEBCgBmBQJVnp4+XxSAAC4

Re: FreeBSD + Yubikey NEO in OATH-HOTP mode?

2015-07-09 Thread Mark Felder
On Thu, Jul 9, 2015, at 11:15, Lev Serebryakov wrote: > > Does somebody succeed to setup FreeBSD for usage with Yubikey NEO > token without Yubico authentication service, with OATH-HOTP? > What have you tried so far? I don't do the offline auth, but this seems to be documented well in ykpamcf

Re: FreeBSD + Yubikey NEO in OATH-HOTP mode?

2015-07-09 Thread jungle Boogie
Hi, On 9 July 2015 at 09:15, Lev Serebryakov wrote: > Does somebody succeed to setup FreeBSD for usage with Yubikey NEO > token without Yubico authentication service, with OATH-HOTP? I don't have the neo but it works, at least, with openssh. See comments in this blog post: http://sysconfig.org.u

Re: FreeBSD + Yubikey NEO in OATH-HOTP mode?

2015-07-09 Thread Lev Serebryakov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 09.07.2015 19:20, Mark Felder wrote: >> Does somebody succeed to setup FreeBSD for usage with Yubikey >> NEO token without Yubico authentication service, with OATH-HOTP? >> > > What have you tried so far? I don't do the offline auth, but this >

FreeBSD Security Advisory FreeBSD-SA-15:12.openssl

2015-07-09 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-15:12.opensslSecurity Advisory The FreeBSD Project Topic:

Where 3rd-party PAM modules should be placed?

2015-07-09 Thread Lev Serebryakov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 `security/pam_ssh_agent_auth' installs PAM module (pam_ssh_agent_auth.so) into `${LOCALBASE}/lib', but `security/pam_yubico' and `security/oath-toolkit' install PAM modules into `${LOCALBASE}/lib/security'. And, by default on 10-STABLE, modules f

Re: Where 3rd-party PAM modules should be placed?

2015-07-09 Thread Mark Felder
On Thu, Jul 9, 2015, at 13:05, Lev Serebryakov wrote: > > `security/pam_ssh_agent_auth' installs PAM module > (pam_ssh_agent_auth.so) into `${LOCALBASE}/lib', but > `security/pam_yubico' and `security/oath-toolkit' install PAM modules > into `${LOCALBASE}/lib/security'. > > And, by default on

Re: Where 3rd-party PAM modules should be placed?

2015-07-09 Thread Lev Serebryakov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 09.07.2015 21:35, Mark Felder wrote: > For the record, I've always used full path names in my /etc/pam.d > files to enable additional modules. Being able to use the short > names would be nice. pam.conf(5) says: The module-path field specifies t

Re: FreeBSD Security Advisory FreeBSD-SA-15:12.openssl

2015-07-09 Thread Peter Jeremy
On 2015-Jul-09 17:32:19 +, FreeBSD Security Advisories wrote: >NOTE WELL: This issue does not affect earlier FreeBSD releases, including the >supported 8.4, 9.3 and 10.1-RELEASE because the alternative certificate chain >feature was not introduced in these releases. Only 10.1-STABLE after >2

Re: FreeBSD + Yubikey NEO in OATH-HOTP mode?

2015-07-09 Thread Robert Simmons
I use security/duo with Yubikeys configured as the token all over the place. It works flawlessly with sudo, su, openssh-portable, and the OS openssh. https://svnweb.freebsd.org/ports/head/security/duo/ On Thu, Jul 9, 2015 at 12:15 PM, Lev Serebryakov wrote: > -BEGIN PGP SIGNED MESSAGE- >