I hereby claim:
- I am spmzt on github.
- I am pmousavizadeh (https://keybase.io/pmousavizadeh) on keybase.
- I have a public key ASDcQXglz10wiplIcKet_HKTYMhDs3qhNIhV0eHO0shaHAo
To claim this, I am signing this object:
Pouria Mousavizadeh Tehrani spmzt
🔑
spmzt
/ keybase.md
Created
January 6, 2021 07:41
spmzt
/ freebsd_yubikey_authentication.md
Created
July 13, 2023 16:15
— forked from daemonhorn/freebsd_yubikey_authentication.md
Setting up yubikey/solo2 for piv and fido2 authentication on FreeBSD (Firefox, Chromium, PAM, and SSH)
How to configure FreeBSD and applicable applications to work with Yubikey for authentication. This serves as my work-in-progress documentation of the configuration knobs needed to make this work properly. All tests were performed with an upto date FreeBSD 13.1 x64 installation as of Aug 2022.
- FreeBSD ssh with piv smartcard slot on Yubikey (pkcs11 via
libykcs11.so) - FreeBSD ssh with fido support on Yubikey
- FreeBSD Firefox/Chromium with fido + webauthn support on Yubikey
- FreeBSD local console and gdm authentication using pam on Yubikey
- FreeBSD official YubiKey tools
These functions can co-exist without stomping on each other's usb usage (unlike gpg from my last test). See https://ludovicrousseau.blogspot.com/2019/06/gnupg-and-pcsc-conflicts.html for some background / workarounds.