From b015b9954cd710d1bc9fffb04a758c1fd579cc5c Mon Sep 17 00:00:00 2001
From: w4tsn
Date: Sun, 26 Feb 2023 11:52:18 +0100
Subject: [PATCH] pages/yubikey: add warning about online auth method
---
 modules/ROOT/pages/using-yubikeys.adoc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/modules/ROOT/pages/using-yubikeys.adoc b/modules/ROOT/pages/using-yubikeys.adoc
index 7939402..be0b847 100644
--- a/modules/ROOT/pages/using-yubikeys.adoc
+++ b/modules/ROOT/pages/using-yubikeys.adoc
@@ -1,7 +1,7 @@
 = Using YubiKeys with Fedora
 The Fedora docs team
 :revnumber: unknown
-:revdate: 2023-02-12
+:revdate: 2023-02-26
 :category: Using
 // :tags: From Source
@@ -68,6 +68,11 @@ auth sufficient pam_yubico.so id=[Your API Client ID] key=[Your API Cl
 Note that the key is optional but without it there is no TLS verification which makes this susceptible to MitM attacks by default. Obtain a key at https://upgrade.yubico.com/getapikey[Yubico].
 ====
+[CAUTION]
+====
+Note that the online auth method won't work if the device is offline and can't reach the YubiCloud.
+====
+
 [NOTE]
 ====
 If you have SELinux on the enforcing mode (the default mode), you should flip on the allow_ypbind boolean first, because pam_yubico needs to be able to connect to Yubico's online authentication. servers.