From 7bb71342da933e1dc4d9f57c5b4b5223f4c76a23 Mon Sep 17 00:00:00 2001
From: Jeff Moe <moe@forksand.com>
Date: Tue, 7 May 2019 10:23:46 -0600
Subject: [PATCH] yubikey workstation setup

---
 source/resources/apps/yubikey/README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 source/resources/apps/yubikey/README.md

diff --git a/source/resources/apps/yubikey/README.md b/source/resources/apps/yubikey/README.md
new file mode 100644
index 0000000..382b898
--- /dev/null
+++ b/source/resources/apps/yubikey/README.md
@@ -0,0 +1,16 @@
+sudo yubikey-personalization-gui
+Use:
+- HMAC-SHA1
+- Configuration slot 1
+- Require user input (button press)
+- Yubikey unprotected (keep it that way)
+- Click <Generate>
+Set it to use challenge response (no password):
+sudo su -
+#ykpersonalize -1 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
+mkdir ~/.yubico
+ykpamcfg -1 -v
+mv .yubico/ /home/forksand/
+chown -R forksand:forksand /home/forksand/.yubico/
+vim /etc/pam.d/common-auth
+