Yeah I can do that, also some settings in the Yubico software you need to leave default or the token will never match with what the server says.
I have not done any digging yet, but im guessing once I make a account I can post it to the main docs/howto section. On Sat, Mar 12, 2016 at 6:16 PM, Christopher Young <[email protected]> wrote: > This is great work. Could you perhaps write up a Howto of some sort? I > could definitely use this! > > On Mar 12, 2016 11:27 AM, "Brad Bendy" <[email protected]> wrote: >> >> After doing some more trial and error I got it it to work. >> >> Take the 20 byte secret key, remove the spaces and convert to base 32. >> Also disable OATH Token Identifier in the YubiKey tool. >> >> I used this tool to convert it >> http://tomeko.net/online_tools/hex_to_base32.php?lang=en >> >> Then take that base32 value and insert into the secret field on >> FreeIPA add token screen and your good to go, I used sha1 for >> algorithm. >> >> On Sat, Mar 12, 2016 at 8:47 AM, Brad Bendy <[email protected]> wrote: >> > Hi, >> > >> > YubiKey supports HOTP it appears, but im having a heck of a time >> > getting the token to add FreeIPA. The YubiKey tool gives me the OATH >> > Token which is 6 bytes and the secret key in 20 bytes hex. Ive entered >> > the secret key and OATH token into the "key" field, ive tried all >> > algorithms and get the error of "invalid 'ipatokenotpkey': Non-base32 >> > digit found" >> > >> > Am I missing something? Or is this just not possible at all? I can't >> > find any documentation on Google saying how to set these up. >> > >> > Thanks! >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
