From e80e082be1a85ca3ff17797ceda4e2346ea77b38 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Wed, 26 Jul 2023 15:53:00 -0400 Subject: doc: cookbook: Document how to disable the Yubikey OTP application. * doc/guix-cookbook.texi (Using security keys) : New subsection. Reviewed-by: John Kehayias --- doc/guix-cookbook.texi | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index aa3d6debbd..87430b741a 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -21,7 +21,7 @@ Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 André Batista@* Copyright @copyright{} 2020 Christine Lemmer-Webber@* Copyright @copyright{} 2021 Joshua Branson@* -Copyright @copyright{} 2022 Maxim Cournoyer@* +Copyright @copyright{} 2022, 2023 Maxim Cournoyer@* Copyright @copyright{} 2023 Ludovic Courtès Permission is granted to copy, distribute and/or modify this document @@ -127,7 +127,7 @@ System Configuration * Dynamic DNS mcron job:: Job to update the IP address behind a DuckDNS host name. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. -* Running Guix on a Linode Server:: Running Guix on a Linode Server. Running Guix on a Linode Server. +* Running Guix on a Linode Server:: Running Guix on a Linode Server. * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. * Setting up NGINX with Lua:: Configuring NGINX web-server to load Lua modules. @@ -1574,7 +1574,7 @@ reference. * Dynamic DNS mcron job:: Job to update the IP address behind a DuckDNS host name. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. -* Running Guix on a Linode Server:: Running Guix on a Linode Server. Running Guix on a Linode Server. +* Running Guix on a Linode Server:: Running Guix on a Linode Server. * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. * Setting up NGINX with Lua:: Configuring NGINX web-server to load Lua modules. @@ -2134,6 +2134,24 @@ security key'' menu. If it works, congratulations, your security key is ready to be used with applications supporting two-factor authentication (2FA). +@subsection Disabling OTP code generation for a Yubikey +@cindex disabling yubikey OTP +If you use a Yubikey security key and are irritated by the spurious OTP +codes it generates when inadvertently touching the key (e.g. causing you +to become a spammer in the @samp{#guix} channel when discussing from +your favorite IRC client!), you can disable it via the following +@command{ykman} command: + +@example +guix shell python-yubikey-manager -- ykman config usb --force --disable OTP +@end example + +Alternatively, you could use the @command{ykman-gui} command provided by +the @code{yubikey-manager-qt} package and either wholly disable the +@samp{OTP} application for the USB interface or, from the +@samp{Applications -> OTP} view, delete the slot 1 configuration, which +comes pre-configured with the Yubico OTP application. + @node Dynamic DNS mcron job @section Dynamic DNS mcron job -- cgit v1.2.3