
Version 5 (modified by Nicklas Nordborg, 6 years ago)

Added note related to #1086

How to use the YubiKey authentication extension

Logging in

To begin with, all users can log in using their regular username/password combination. Enter the username in the YubiKey field and the password in the Password field.

Once a user has been assigned a YubiKey (see below), that user must always log in with the YubiKey³.

  1. Insert the YubiKey in a USB port.
  2. Make sure the YubiKey field has focus and touch the button on the YubiKey.
  3. A one-time-password is generated and focus is shifted to the Password field.
  4. Enter the password and click Login.

Assign YubiKeys to users

  1. To assign a YubiKey to a user, the BASE administrator should locate that user in the Administrate->Users list and open the edit dialog.
  2. Switch to the YubiKey tab. This should state that no YubiKey is enabled for the account. Pick a new YubiKey from the stock of YubiKeys and insert it into a USB port.
  3. Make sure that the YubiKey one-time-password field has the focus and then touch the YubiKey button to generate a one-time-password. The password is sent to the YubiCloud for verification.
  4. If the verification is successful the dialog should switch to reflect the fact that the account is now YubiKey-enabled. Take out the YubiKey and enter the serial number into the Serial # field (optional). Save!

Unassign a YubiKey

Click Remove in the YubiKey tab of the Edit user dialog. Save!

Notes!

  1. The root account can always login with username/password, even if a YubiKey has been assigned.
    Since BASE 3.5 the root account will always use the YubiKey if one has been assigned. See http://base.thep.lu.se/ticket/1907 for more information.
  2. It is possible to assign the same YubiKey to more than one user account if the passwords are not the same. This might be practical for persons that have one regular account for daily usage and one account for administrative needs.
  3. Since version 1.5, the administrator may allow other authentication methods.
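
The YubiKey field described above receives either a plain username or a one-time password, and note 2 allows one key to be assigned to several accounts. The following is an added example, not code from the BASE extension: it tells the two inputs apart using the factory-default Yubico OTP layout (44 modhex characters, the first 12 being the key's public ID) and shows that an OTP identifies only the key, which is consistent with note 2 requiring different passwords. The `assignments` mapping, the function names and all sample values are constructed assumptions.

```python
# Added example; not code from the BASE YubiKey extension.
MODHEX = "cbdefghijklnrtuv"      # Yubico's keyboard-layout-independent alphabet
HEX = "0123456789abcdef"
OTP_LEN = 44                     # factory default: 12-char public ID + 32-char encrypted part
PUBLIC_ID_LEN = 12
_TO_HEX = str.maketrans(MODHEX, HEX)


def parse_login_field(value):
    """Classify what was typed into the YubiKey field.

    Returns ("otp", public_id, public_id_hex) for a well-formed default-length
    Yubico OTP, otherwise ("username", stripped_value, None).
    """
    text = value.strip()
    candidate = text.lower()     # tolerate Caps Lock when the key "types" the OTP
    if len(candidate) == OTP_LEN and all(ch in MODHEX for ch in candidate):
        public_id = candidate[:PUBLIC_ID_LEN]
        return ("otp", public_id, public_id.translate(_TO_HEX))
    return ("username", text, None)


def accounts_for_key(assignments, otp):
    """List logins bound to the key that produced `otp`.

    `assignments` is a hypothetical {login: public_id} mapping standing in for
    whatever the server stores when a key is assigned.
    """
    kind, public_id, _ = parse_login_field(otp)
    if kind != "otp":
        return []
    return sorted(login for login, pid in assignments.items() if pid == public_id)


# Constructed sample data: two OTPs from the same (fictional) key.
KEY_ID = "vvccccbbddee"
OTP_A = KEY_ID + "cbdefghijklnrtuv" * 2
OTP_B = KEY_ID + "vutrnlkjihgfedbc" * 2
ASSIGNMENTS = {"alice": KEY_ID, "alice-admin": KEY_ID, "bob": "ccccccbbddee"}

if __name__ == "__main__":
    print(parse_login_field(OTP_A))               # OTP: public ID extracted
    print(parse_login_field("alice"))             # plain username
    print(accounts_for_key(ASSIGNMENTS, OTP_B))   # both accounts share the key
```

A format check like this only recognises the shape of an OTP; whether the OTP is valid and unused is still decided by the YubiCloud verification mentioned in the assignment steps.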