Changes
some more notes on auth with pam
The '''Yubikey''' is a [[w:security token|security token]], intended to be used for [[w:Two-factor authentication|two-factor authentication]], that emulates a keyboard to enter one-time passwords generated using an AES encryption key embedded on the device. There is also support for static passwords and [[w:HMAC|HMAC-SHA1]] challenge/response authentication. The newest Yubikey models (4 and Neo) also support [https://developers.yubico.com/U2F/ U2F], a standard created by the [https://fidoalliance.org/ FIDO Alliance] for strong 2nd factor authentication. Yubikey supports OAUTH TOTP and HOTP standards for one-time passwords as well, and can be used with open PGP and PIV digital signatures and encryption. Some models also support these features over NFC with Android devices. Yubico, the company which sells the Yubikey, also provides [https://developers.yubico.com/Software_Projects/ software] for many 2FA purposes.
PAM modules for the Yubikey make it possible to use it for single or multi-factor authentication schemes on workstations and servers. Of most interest are libpam-yubikey and libpam-u2f, but libpam-pkcs11, libpam-radius-auth, and several htop/totp modules are also likely usable with the yubikey.
== PAM two-factor Yubikey One-Time Password authentication ==
