pages/yubikey: add warning about online auth method

w4tsn 2023-02-26 11:52:18 +01:00
parent dafcba9988
commit b015b9954c
No known key found for this signature in database

@ -1,7 +1,7 @@
= Using YubiKeys with Fedora = Using YubiKeys with Fedora
The Fedora docs team The Fedora docs team
:revnumber: unknown :revnumber: unknown
:revdate: 2023-02-12 :revdate: 2023-02-26
:category: Using :category: Using
// :tags: From Source // :tags: From Source
@ -68,6 +68,11 @@ auth sufficient pam_yubico.so id=[Your API Client ID] key=[Your API Cl
Note that the key is optional but without it there is no TLS verification which makes this susceptible to MitM attacks by default. Obtain a key at https://upgrade.yubico.com/getapikey[Yubico]. Note that the key is optional but without it there is no TLS verification which makes this susceptible to MitM attacks by default. Obtain a key at https://upgrade.yubico.com/getapikey[Yubico].
==== ====
[CAUTION]
====
Note that the online auth method won't work if the device is offline and can't reach the YubiCloud.
====
[NOTE] [NOTE]
==== ====
If you have SELinux on the enforcing mode (the default mode), you should flip on the allow_ypbind boolean first, because pam_yubico needs to be able to connect to Yubico's online authentication. servers. If you have SELinux on the enforcing mode (the default mode), you should flip on the allow_ypbind boolean first, because pam_yubico needs to be able to connect to Yubico's online authentication. servers.
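Review bot: In the added [CAUTION] block, "the device" is ambiguous, since a reader can take it to mean the YubiKey rather than the host running pam_yubico; name the host explicitly, for example "if this machine is offline and cannot reach the YubiCloud". The block also stops at "won't work" without saying what the user should expect: the hunk header shows the module stacked as `auth sufficient pam_yubico.so`, so the text should state what happens to the login when validation cannot complete and advise keeping another authentication method available before enabling this. The leading "Note that" is redundant inside an admonition and can be dropped. While this area is being touched, the stray period in "online authentication. servers." in the following NOTE could be fixed in the same change.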