Never Ending Security

It starts all here

Two-factor authentication on OS X, with a Yubikey

Setting up your YubiKey:

Install the “YubiKey Personalization Tool”

Set a challenge-response (HMAC-SHA1) on the second slot of your YubiKey

– Select Configuration Slot 2
– Select Variable input for HMAC-SHA1 Mode
– Click Generate to generate a new Secret Key (20 bytes Hex)
– Click Write Configuration

Your YubiKey is now ready.

Prepare your Mac to use your YubiKey:

Open a new terminal session as user and install the YubiKey pam module (with brew):
terminal (user)
$ brew install pam_yubico
$ sudo cp /usr/local/Cellar/pam_yubico/2.16/lib/security/ /usr/lib/pam/

Generate a challenge in the user homedir:
terminal (user)
$ mkdir ~/.yubico
$ ykpamcfg -2

A new challenge will be written in the directory ~/.yubico/
Change the authentication process for screensaver

It is advisable to start with requiring a YubiKey for screensaver login and verify your changes before continuing with other authentication modules. This case, if an error occurs, you can still login using the normal login screen.

From the root terminal, add the line auth required mode=challenge-response to the following file: /etc/pam.d/screensaver

Open a terminal session as root.
$ sudo su
Edit the file:
terminal (root)
$ vi /etc/pam.d/screensaver
Add the line:
auth required mode=challenge-response
Do the same for the file: /etc/pam.d/authorization
$ vi /etc/pam.d/authorization
Add the line:
auth required mode=challenge-response

Verify the authentication process:

Set your OSX to require a password on screen saver
Detach the YubiKey and enable screensaver
Enter your username/password, access should be blocked.
Now insert your YubiKey and login, access should be granted.

If these steps succeed, you can finish the changes to the authentication process

P.S. If login still fails, click Switch User and retry logging in. A different authentication module is used during this login.

2 responses to “Two-factor authentication on OS X, with a Yubikey

  1. Etta 2 June 2015 at 05:52

    Hey there! I’m at work surfing around your blog from my new
    iphone 4! Just wanted to say I love reading your blog and look forward to all your
    posts! Carry on the great work!

  2. 22 May 2015 at 11:44

    Hello Web Admin, I noticed that your On-Page SEO is is missing a few factors, for one you do not use all three H tags in your post, also I notice that you are not using bold or italics properly in your SEO optimization. On-Page SEO means more now than ever since the new Google update: Panda. No longer are backlinks and simply pinging or sending out a RSS feed the key to getting Google PageRank or Alexa Rankings, You now NEED On-Page SEO. So what is good On-Page SEO?First your keyword must appear in the title.Then it must appear in the URL.You have to optimize your keyword and make sure that it has a nice keyword density of 3-5% in your article with relevant LSI (Latent Semantic Indexing). Then you should spread all H1,H2,H3 tags in your article.Your Keyword should appear in your first paragraph and in the last sentence of the page. You should have relevant usage of Bold and italics of your keyword.There should be one internal link to a page on your blog and you should have one image with an alt tag that has your keyword….wait there’s even more Now what if i told you there was a simple WordPress plugin that does all the On-Page SEO, and automatically for you? That’s right AUTOMATICALLY, just watch this 4minute video for more information at. Seo Plugin

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s