Hacker News new | ask | show | jobs
by timothy-quinn 2190 days ago
Does anyone use YubiKeys on OSX for business use? I've tried integrating them on my personal mac before, but the U2F PAM experience was pretty clunky, and caused weird messages from services like Keychain that (I guess) couldn't decrypt without normal credentials being provided at logon.
2 comments
ciarannolan 2190 days ago
How were you integrating them on your personal OSX system?
link
timothy-quinn 2190 days ago
Luckily I wrote down the steps I took. Based on this, but the original seems to be gone now: https://nicluo.com/projects/secure-your-mac-with-yubico-u2f-...

  brew install pam-u2f
  mkdir -p ~/.config/Yubico/
  pamu2fcfg > ~/.config/Yubico/u2f_keys
  <Press the U2f device>
  cat ~/.config/Yubico/u2f_keys # should output <your username>:<really long hash>

  In /etc/pam.d/screensaver 
  Add to the top:
  auth       sufficient     pam_u2f.so

  In /etc/pam.d/authorization
  Add to the top:
  auth       sufficient     pam_u2f.so
link
kevan 2190 days ago
Yes, I use one daily and haven't had any issues.
link