Martin Englund's Weblog

I'm back configuring Yubikeys but this time on Solaris 10 as it is what the majority of our servers run.

Here are are the steps required to get it working on Solaris 10 update 6:

Install curl
pkgadd SFWcurl
Configure libyubico-client
configure CPPFLAGS=-I/opt/sfw/include CFLAGS-std=c99 --prefix=/usr
Compile and install
gmake install
Configure pam_yubico
configure --prefix=/usr --without-ldap
Compile and install
gmake install
Setup a user to key mapping file (e.g. /etc/yubikeys)
```
martin:ulbtvceblvrb
```

Configure /etc/pam.conf

other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_unix_cred.so.1
other   auth required           pam_unix_auth.so.1
other   auth required           pam_yubico.so id=16 authfile=/etc/yubikeys ignorepass

Then a ssh login will look like this:

martin@workstation$ ssh server
Password: 
Yubikey for `martin': 
martin@server$

You might have noticed the ignorepass option which I have added, this is to prevent pam_yubico from trying to (re)use the password I typed, nd instead force pam_yubico to prompt me for it. I have sent Simon the diff so he can add it to the next release.

# pkg install -q SUNWruby18 # gem install -y puppet Bulk updating Gem source index for: http://gems.rubyforge.org Successfully installed puppet-0.24.7 Successfully installed facter-1.5.4 Installing ri documentation for puppet-0.24.7... Installing RDoc documentation for puppet-0.24.7...

Old entries