= How to use the !YubiKey authentication extension =

== Logging in ==

To begin with, all users can log in using their regular username/password combination. Enter the ''username'' in the '''!YubiKey''' field and the ''password'' in the '''Password''' field. Once a user has been assigned a !YubiKey (see below), that user must always log in with the !YubiKey³.

 1. Insert the !YubiKey in a USB port.
 2. Make sure the '''!YubiKey''' field has focus and touch the button on the !YubiKey.
 3. A one-time-password is generated and focus is shifted to the '''Password''' field.
 4. Enter the ''password'' and click '''Login'''.

== Assign !YubiKeys to users ==

 1. To assign a !YubiKey to a user, the BASE administrator should locate that user in the '''Administrate->Users''' list and open the edit dialog.
 2. Switch to the '''!YubiKey''' tab. This should state that no !YubiKey is enabled for the account. Pick a new !YubiKey from the stock of !YubiKeys and insert it into a USB port.
 3. Make sure that the '''!YubiKey one-time-password''' field has the focus and then touch the !YubiKey button to generate a one-time-password. The password is sent to the !YubiCloud for verification.
 4. If the verification is successful, the dialog should switch to reflect the fact that the account is now !YubiKey-enabled. Take out the !YubiKey and enter the serial number into the '''Serial #''' field (optional). Save!

== Unassign a !YubiKey ==

Click '''Remove''' in the '''!YubiKey''' tab in the '''Edit user''' dialog. Save!

== Notes! ==

 1. ~~The ''root'' account can always log in with username/password, even if a !YubiKey has been assigned.~~[[BR]]Since BASE 3.5 the root account will always use the !YubiKey if one has been assigned. See http://base.thep.lu.se/ticket/1907 for more information.
 2. It is possible to assign the same !YubiKey to more than one user account if the passwords are not the same. This might be practical for persons that have one regular account for daily usage and one account for administrative needs.
 3. Since version 1.5, the administrator may allow other authentication methods.
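
Note 2 in code form, as an added example that is not part of the BASE extension: with the key in place of the username, an account can only be told apart by the key identity plus the password, which is why two accounts on one key need different passwords. It assumes the standard Yubico OTP layout (44 modhex characters, the first 12 being the key's public identity); `Accounts`, `public_id` and the `verify_otp` callback standing in for the !YubiCloud check are hypothetical names, and how the extension itself stores and matches accounts is not stated on this page.

```python
import hashlib
import hmac
import os

MODHEX = "cbdefghijklnrtuv"  # alphabet used by Yubico OTPs

def public_id(otp):
    """Return the 12-character key identity that prefixes a 44-character OTP."""
    otp = otp.strip().lower()
    if len(otp) != 44 or any(ch not in MODHEX for ch in otp):
        raise ValueError("not a Yubico OTP")
    return otp[:12]

def _digest(password, salt):
    # Salted, slow hash so stored passwords are not comparable across rows.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Accounts:
    """Hypothetical account store: rows of (login, key id, salt, password hash)."""

    def __init__(self):
        self._rows = []

    def _match(self, key_id, password):
        hits = [login for login, kid, salt, pw in self._rows
                if kid == key_id and hmac.compare_digest(_digest(password, salt), pw)]
        return hits[0] if hits else None

    def assign(self, login, password, otp):
        key_id = public_id(otp)
        # Same key + same password would make two accounts indistinguishable.
        clash = self._match(key_id, password)
        if clash is not None:
            raise ValueError("key and password already identify " + clash)
        salt = os.urandom(16)
        self._rows.append((login, key_id, salt, _digest(password, salt)))

    def resolve(self, otp, password, verify_otp):
        """verify_otp stands in for the YubiCloud check; reject before any lookup."""
        if not verify_otp(otp):
            return None
        return self._match(public_id(otp), password)
```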