Re: FreeBSD + Yubikey NEO in OATH-HOTP mode?

On Thu, Jul 9, 2015, at 11:15, Lev Serebryakov wrote: Does somebody succeed to setup FreeBSD for usage with Yubikey NEO token without Yubico authentication service, with OATH-HOTP? What have you tried so far? I don't do the offline auth, but this seems to be documented well in

FreeBSD + Yubikey NEO in OATH-HOTP mode?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Does somebody succeed to setup FreeBSD for usage with Yubikey NEO token without Yubico authentication service, with OATH-HOTP? - -- // Lev Serebryakov -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32)

Re: FreeBSD + Yubikey NEO in OATH-HOTP mode?

Hi, On 9 July 2015 at 09:15, Lev Serebryakov l...@freebsd.org wrote: Does somebody succeed to setup FreeBSD for usage with Yubikey NEO token without Yubico authentication service, with OATH-HOTP? I don't have the neo but it works, at least, with openssh. See comments in this blog post:

Re: FreeBSD + Yubikey NEO in OATH-HOTP mode?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 09.07.2015 19:20, Mark Felder wrote: Does somebody succeed to setup FreeBSD for usage with Yubikey NEO token without Yubico authentication service, with OATH-HOTP? What have you tried so far? I don't do the offline auth, but this seems

Re: Where 3rd-party PAM modules should be placed?

On Thu, Jul 9, 2015, at 13:05, Lev Serebryakov wrote: `security/pam_ssh_agent_auth' installs PAM module (pam_ssh_agent_auth.so) into `${LOCALBASE}/lib', but `security/pam_yubico' and `security/oath-toolkit' install PAM modules into `${LOCALBASE}/lib/security'. And, by default on

FreeBSD Security Advisory FreeBSD-SA-15:12.openssl

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-15:12.opensslSecurity Advisory The FreeBSD Project Topic:

Where 3rd-party PAM modules should be placed?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 `security/pam_ssh_agent_auth' installs PAM module (pam_ssh_agent_auth.so) into `${LOCALBASE}/lib', but `security/pam_yubico' and `security/oath-toolkit' install PAM modules into `${LOCALBASE}/lib/security'. And, by default on 10-STABLE, modules

Re: FreeBSD + Yubikey NEO in OATH-HOTP mode?

I use security/duo with Yubikeys configured as the token all over the place. It works flawlessly with sudo, su, openssh-portable, and the OS openssh. https://svnweb.freebsd.org/ports/head/security/duo/ On Thu, Jul 9, 2015 at 12:15 PM, Lev Serebryakov l...@freebsd.org wrote: -BEGIN PGP

Re: FreeBSD Security Advisory FreeBSD-SA-15:11.bind

On Wed, 8 Jul 2015 12:49:12 -0500, Mark Felder wrote: No workaround is available, but only systems that are manually configured to enable DNSSEC validation are affected. would be a reasonable statement. Agreed. DNSSEC may become mandatory, and while surely 'best practice', it's not yet

Re: FreeBSD Security Advisory FreeBSD-SA-15:12.openssl

On 2015-Jul-09 17:32:19 +, FreeBSD Security Advisories security-advisor...@freebsd.org wrote: NOTE WELL: This issue does not affect earlier FreeBSD releases, including the supported 8.4, 9.3 and 10.1-RELEASE because the alternative certificate chain feature was not introduced in these