A Yubikey is a small material token manufactured by Yubico. It sends an OTP, which is validated via Yubico server.
You must install Auth::Yubikey_WebClient package.
You have to retrieve a client ID and a secret key from Yubico. See Yubico API page.
In the manager (second factors), you just have to enable it:
Attention
If you want to use a custom rule for “activation” and
want to keep self-registration, you must include this in your rule:
$_2fDevices =~ /"type":\s*"UBK"/s
, else Yubikey will be required
even if users are not registered. This is automatically done when
“activation” is simply set to “on”.
If you don’t want to use self-registration, set public part of user’s yubikey in Second Factor Devices array (JSON) in your user-database. Then map it to the _2fDevices attribute (see exported variables):
[{"name" : "MyYubikey" , "type" : "UBK" , "_secret" : "########" , "epoch":"1524078936"}, ...]
If you have enabled self registration, users can register their U2F keys using https://portal/2fregisters