[Freeipa-users] YUbiKey for HOTP auth
Brad Bendy
brad.bendy at gmail.com
Sun Mar 13 21:38:16 UTC 2016
Yeah I can do that, also some settings in the Yubico software you need
to leave default or the token will never match with what the server
says.
I have not done any digging yet, but im guessing once I make a account
I can post it to the main docs/howto section.
On Sat, Mar 12, 2016 at 6:16 PM, Christopher Young
<mexigabacho at gmail.com> wrote:
> This is great work. Could you perhaps write up a Howto of some sort? I
> could definitely use this!
>
> On Mar 12, 2016 11:27 AM, "Brad Bendy" <brad.bendy at gmail.com> wrote:
>>
>> After doing some more trial and error I got it it to work.
>>
>> Take the 20 byte secret key, remove the spaces and convert to base 32.
>> Also disable OATH Token Identifier in the YubiKey tool.
>>
>> I used this tool to convert it
>> http://tomeko.net/online_tools/hex_to_base32.php?lang=en
>>
>> Then take that base32 value and insert into the secret field on
>> FreeIPA add token screen and your good to go, I used sha1 for
>> algorithm.
>>
>> On Sat, Mar 12, 2016 at 8:47 AM, Brad Bendy <brad.bendy at gmail.com> wrote:
>> > Hi,
>> >
>> > YubiKey supports HOTP it appears, but im having a heck of a time
>> > getting the token to add FreeIPA. The YubiKey tool gives me the OATH
>> > Token which is 6 bytes and the secret key in 20 bytes hex. Ive entered
>> > the secret key and OATH token into the "key" field, ive tried all
>> > algorithms and get the error of "invalid 'ipatokenotpkey': Non-base32
>> > digit found"
>> >
>> > Am I missing something? Or is this just not possible at all? I can't
>> > find any documentation on Google saying how to set these up.
>> >
>> > Thanks!
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list