I am really very pleased to be writing this article as I’ve been wanting to see this functionality ever since I first started getting into FreeIPA and using Yubikeys.
If you are are Yubikey user/admin, chances are you are a little, if not very, frustrated that there is no simple way to centrally manage your users and key tokens.
The way most One Time Password(OTP) solutions work is based on a central server which maps a token to a user. Yubico however, use a local text file on each individual system, which map a username to a specific key token. This is a very clunky method, especially if you are managing very large numbers of servers.
Well, with a bit of work, and with huge thanks to Michal Ludvig, we now have a way of integrating Yubikey’s directly into an LDAP based directory server.
I came across his article on a Google+ post detailing how he has provided a way for this to become reality. I am still unbelievably impressed.
You can read his original article here. http://www.logix.cz/michal/devel/yubikey-ldap/
I have absolutely no intention of trying to steal any thunder away from what Michal has done here. It is truly fantastic.
In this article, I am simply providing a very quick and easy way of storing Yubikey token ID’s inside of FreeIPA 3.0 on Red Hat Enterprise Linux 6.4 (Beta)
I would also like to thank Gavin Spurgeon for his help in clarifying the inner workings of how the integration happens, specifically with FreeIPA as it was not as straight forward as I anticipated.