-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to configure OpenBSD to allow ykman to run as unprivileged user? #445
Comments
Can you try running On another note you could also try using |
FYI, there's no I'll try |
As usual, things are just different on OpenBSD.
|
I was able to run 'ykman' with elevated perms using 'doas'. It turns out there's a 'keepenv' option and using that got me past the DISPLAY issue when trying to run 'yubikey-personalization-GUI', however it still failed b/c it isn't able to execute correctly under 'doas' because Qt can't load the platform plug-in 'xcb' when run this way. |
Ah, my mistake - version 3.1.1 is way before Also, |
Regarding Qt. Both my password manager, which needs to read the Yubikey, and the yubikey-personalization-gui use Qt. |
This uses |
Thanks, I will give this a try next time I get a chance. |
Things might have changed over time, but I wanted to leave a note here about how I resolved the issue. I had to set g+rw permissions on the USB device and ensure that my user was added to the operator group (or wheel). |
YubiKey Manager (ykman) version: 3.1.1
Libraries:
libykpers 1.20.0
libusb 1.0.23
How was it installed?:
pkg_add yubikey-manager
Operating system and version:
OpenBSD 6.9 GENERIC.MP#3 amd64
YubiKey model and version:
Yubikey 5C
Bug description summary:
This isn't a bug, but a request for help with configuration. I was able to detect & configure my yubikey as
root
, however, I can't detect, read, or configure my yubikey as an unprivileged user.Steps to reproduce
$ ykman info
Expected result
Actual results and logs
Other info
pscsd
is running.I'm sure there are some permissions I need to add somewhere, but I'm not sure exactly what's necessary. I tried using
ktrace
to figure out what devices were being opened and read, and then adding group read/write permissions on those devices, but it didn't resolve my issue - I still wasn't able to read/configure the yubikey as an unprivileged user.I need to be able to at least detect and read the yubikey as a normal user so I can use it with my password manager
keepassxc
. Usingdoas
orsudo
doesn't seem to help in this scenario, because when run that way,keepassxc
can't connect to my unprivileged user's DISPLAY.The text was updated successfully, but these errors were encountered: