Bug 1177014
Summary: | F21 - Yubikey U2F (FIDO) Not Supported | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jeremy Fitzhardinge <jeremy> |
Component: | ykpers | Assignee: | Maxim Burgerhout <maxim> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 21 | CC: | extras-qa, gbcox, jeremy, kevin, maxim, michele, wolfgang.rupprecht |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | 1157894 | Environment: | |
Last Closed: | 2014-12-26 17:54:10 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jeremy Fitzhardinge
2014-12-23 19:33:53 UTC
We are using the upstream rules here... they don't have "0120" in them. Is there some reason the upstream project hasn't added that? I do not own this type of Yubikey myself, so I'm 100% sure, but I doubt whether it makes sense to enable the 0120 device id for ykpers. I'm guessing the device w/ id 0120 is the blue security key, which does not have most functionality you would use ykpers or yubikey-personalization-gui for. The forum post linked in the original bug is about permissions on the U2F device to make it usable for a non-root user. The link mentioned in there is to a udev rules file from a project called libu2f-host, which implements the host-side of the U2F protocol. I don't think the ykpers tool is the place to put the udev rules for this. It doesn't make sense to ask people to install a customization tool to use a piece of hardware as-is. There is a RR open for libu2f-host: bug 1155826. In bug 1155826, comment 9 there is a reference to U2F working fine on Fedora with that package installed. Imo that is the short-term way to fix this: get libu2f-host in Fedora. I'm sadly very short on time, but if I find some, I'll try and review that RR. If someone beats me to it: great :) Yeah. The correct udev entry is in the libu2f-host (and submitted to be added to systemd/udev). I can also try and review that request in the coming weeks. ;) In the mean time there's nothing we can do here, so I will close this bug out. |