Configuring PAM for use with YubiKey

The following section describes how to configure the Yubico YubiKey 5 FIPS Series for use as a second factor to authenticating to a privileged credential on the Tellaro Console by assigning a PIN to it. This is only required if you want to enforce PIN for Linux login.

These steps were performed on a Window 10 64-bit computer; however, it is conceivable that the steps will be identical on all platforms supported by Yubico. When performing this installation, the user must have Administrator privileges on the computer.

1. Download the YubiKey Manager from Yubico’s website.
2. Install the downloaded software and run it as administrator.
3. If you have not already inserted the YubiKey into a USB Type-A slot on your computer, you will be prompted to insert one.
4. You should see the YubiKey Manager’s Home screen – displaying the model name, firmware release number, as well as the serial number of the Security Key.
   
   
   
5. Choosing the Applications menu item, select the FIDO2 option.
   
   
   
6. This should display the FIDO2 page. If the status of the FIDO2 Pin indicate that No Pin is set, click  on the Set Pin button.
   However, if the slot indicates Pin is set, select the Reset FIDO button to delete its contents before setting up a new pin.
   
   
   Configure the desired pin and click on Set Pin button.
   
   
   
7. Once a pin has been successfully set, you will see the below screen.