Yubikey4 Two-factor authentication

1
2

> brew install libyubikey pam_yubico yubico-piv-tool Caskroom/cask/yubikey-piv-manager

关闭osx sip机制

重启按住Command + R进入重置模式>>选择语言>>实用工具>>终端,输入如下命令关闭

1
> csrutil disable

反之开启命令:

1
> csrutil enable

插入yubico4,打开YubiKey PIV Manager
点击Setup for macOS设置PIN

下载

pam_yubico

yubikey-personalization-gui

1
2
3
4
5
6
7
8
> sudo ln -s /usr/local/Cellar/pam_yubico/2.23/lib/security/pam_yubico.so /usr/local/lib/security/pam_yubico.so
> sudo vi /etc/pam.d/authorization
# authorization: auth account
auth optional pam_krb5.so use_first_pass use_kcminit
auth optional pam_ntlm.so use_first_pass
auth required pam_opendirectory.so use_first_pass nullok
auth required /usr/local/lib/security/pam_yubico.so mode=challenge-response
auth required pam_opendirectory.so

重启电脑输入PIN密码