On 09/05/18 20:34, Robert Ames wrote:
On Wed, Sep 05, 2018 at 01:00:20PM +0930, O'Connor, Daniel wrote:
On 5 Sep 2018, at 12:43, Robert Ames <[email protected]> wrote:
On 5 Sep 2018, at 08:33, Robert Ames <[email protected]> wrote:
FreeBSD sees the device:
Sep 4 17:25:13 freebsd kernel: ugen1.4: <Yubico Security Key by Yubico> at
usbus1
Sep 4 17:25:13 freebsd kernel: uhid0 on uhub4
Sep 4 17:25:13 freebsd kernel: uhid0: <Yubico Security Key by Yubico, class 0/0,
rev 2.00/5.02, addr 4> on usbus1
So should this just work out of the box or is there something I'm
missing?
Hi Robert,
I don't have any Yubikeys but have you tried checking the permissions of
/dev/uhid0* and /dev/ugen1.4 (which will be a symlink to usb/1.4.0) ?
You can chmod them for now and then if that works have a devd conf or devfs
rule which sets the permissions appropriately when the device is connected.
If permissions are the problem it would be nice to see if the error message can
be improved too :)
--
Daniel O'Connor
I had done a manual chmod 777 /dev/usb/1.4.0 but had overlooked /dev/uhid0.
Once I did a chmod 777 on that it worked. Thank you. Any suggestions on the
best way to add a devd conf or devfs rule for this thing?
Add this to /etc/devfs.conf..
[root=100]
add path 'uhid*' group users mode 660
(Assuming your user is in the 'users' group - adjust to taste, devfs(8) has the
details)
And this to /etc/rc.conf..
devfs_system_ruleset="root"
Then do..
sudo service devfs restart
And unplug/replug the key.
--
Daniel O'Connor
Yes, that works (using /etc/devfs.rules). Thanks. I also got it to work
using /etc/devd.conf
# Yubico Security Key
attach 100 {
match "vendor" "0x1050";
match "product" "0x0120";
device-name "uhid[0-9]+";
action "/usr/sbin/chown robert /dev/$device-name";
};
running "usbconfig dump_device_desc" to get the vendor and product ids.
I didn't have to touch /dev/ugen1.4 or /dev/usb/1.4.0. Not sure which is
the more correct way to do this. But they both work.
So things now work great on the Yubico demo site. Sadly I cannot get it
to work in Google. Google doesn't respond when I press the gold disc
during the registration process.
There is a port, security/u2f-devd [0] that sets up devd rules for use
with yubico and other devices. That works great for me. Install it and
follow the instructions.
[0] https://www.freshports.org/security/u2f-devd/
Regards
--
Niclas
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[email protected]"
