[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-hackers
Subject: Re: Default Yubikey dev permissions
From: Tom Jones <thj () freebsd ! org>
Date: 2019-02-28 20:43:52
Message-ID: 20190228204352.GA14862 () tom-desk ! erg ! abdn ! ac ! uk
[Download RAW message or body]
On Tue, Feb 26, 2019 at 05:25:56PM -0500, Farhan Khan (F8DA C0DE) via freebsd-hackers \
wrote:
> Hi all,
>
> I am experimenting with a Yubikey, a consumer grade smart card that stores \
> certificates and passwords. I found that running 'gpg --card-status' does not work \
> without root access. By default /dev/usb/0.2.0 (my yubikey) permission is 0600, \
> owned by root. Without changing these permissions, the normal users would not be \
> able to access the device.
> Of course making the permissions too broad leaves it open to a rogue user with any \
> terminal access (ie, via SSH). However, it is still protected by a 6-digit pin that \
> will lock out after a default of 3 failed attempts.
> Is it worth opening up the default permissions? Thoughts?
I use pcscd (pcsc-lite in ports) with ccid to use my yubikey for gpg
operations.
- [tj]
_______________________________________________
freebsd-hackers@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic