Date: Wed, 3 Jun 2020 15:19:01 -0000 (UTC) From: Christian Weisgerber <naddy@mips.inka.de> To: freebsd-questions@freebsd.org Subject: Re: FIDO authentication Message-ID: <slrnrdffr5.1hrp.naddy@lorvorc.mips.inka.de> References: <24270.62418.992039.257025@jerusalem.litteratus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2020-05-27, Robert Huff <roberthuff@rcn.com> wrote:
> Various sites are reporting the FIDO Alliance
> ("https://www.fidoalliance.org") has announced a major common
> authentication initiative support by (/inter alia/) Google, Microsoft,
> and Apple.
> I'm assuming this requires some level of OS support; is anyone in
> the FreeBSD community aware of/interested in this?
I depends on where you want to make use of this type of authentication.
At the application level, you only need access to uhid(4) devices.
You can install the security/u2f-devd port and add the user to group
u2f. That is enough to use basic U2F (FIDO1) support in Firefox.
uhid1 on uhub0
uhid1: <Yubico Security Key by Yubico, class 0/0, rev 2.00/5.12, addr 19> on usbus0
Works fine for me at
https://demo.yubico.com/
OpenSSH 8.2 has added support for U2F/FIDO hardware authenticators:
https://www.openssh.com/txt/release-8.2
I haven't checked to what degree the security/openssh-portable port
supports this.
--
Christian "naddy" Weisgerber naddy@mips.inka.de
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?slrnrdffr5.1hrp.naddy>