I've been experimenting with switching over one of my laptops to OpenBSD, but there is one main problem stopping me from switching. The support for Yubikeys and U2F.
I'm try to gather a list of things that currently doesn't work. And maybe find some collaborators to investigate and maybe fix the issues. So if you are interested to work on any of these or have further information please post on this thread. A) Yubikey-manager (ykman) is the new Yubikey CLI. I got it to install but only one out of three transport (protocols) works. OTP works. CCID fails connecting to the Yubikey via pcscd, further investigation needed (this is hopefully not to hard to fix). FIDO doesn't work since the pyu2f library doesn't support OpenBSD, this is probably not to hard to fix. I'm tracking these in [1]. B) Chromium (v 65.0.3325.181) crashes when U2F auth is requested and a key is inserted, see [2]. I haven't yet debugged this, but fixing this probably requires a fair amount of knowledge about Chromiums internals. C) Firefox (v 59.0.2) doesn't officially support U2F but have a config option to enable this [3][4]. Unfortunately this doesn't work on OpenBSD (but macOS for example). (Firefox 60 is supposed to support the new FIDO2 standard this might improve on U2F support too.) [1] https://github.com/Yubico/yubikey-manager/issues/124 [2] https://bugs.chromium.org/p/chromium/issues/detail?id=451248 [3] https://discourse.mozilla.org/t/u2f-standard-to-firefox/23301/2 [4] https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/
