From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:403:478a::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id 6EVyAI3JwmTHJgEASxT56A (envelope-from ) for ; Thu, 27 Jul 2023 21:46:21 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:478a::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id oExeAI3JwmQAagEAauVa8A (envelope-from ) for ; Thu, 27 Jul 2023 21:46:21 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 70E4B60C92 for ; Thu, 27 Jul 2023 21:46:20 +0200 (CEST) Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20221208 header.b=o4nE9Fu1; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1690487180; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=p7MmLfgz0gzGERLpEJKkql/yNz7BetIDS7TNd7gviDE=; b=ST0H39YX40Dec6zNB+Lyli1r6EIwxLAYd8mivHDG6ogDXWVWAWGA4XZ/I4DmtgpCQL5B7z lj/tgXgay9QjUBhlGzvw3UKSH7krlePbfnzhmSJFsaGdIWpdoO780XD4jeJH67Ney074zi 3xoUGFDSFoJKcIzKrOrbuz/HtwB5lsHXsCU8uykiuffc9FDlM9/Mi2280DnsfaF2/+oaJK 0M5IvlZih8XUvftYiYbEpYGevkqpfV9yRLngnkhQnOR6f98KAEw6Pjk6TSICNykPFkvgrR EGTWCu+UmWbEV5SBZ5qsPE7wBQVwxMC5Dw+MLneIFkFzXhPOQm4zPfjZKAee4Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20221208 header.b=o4nE9Fu1; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Seal: i=1; s=key1; d=yhetil.org; t=1690487180; a=rsa-sha256; cv=none; b=jDkCVOjMK/KDEFwm/UOSpoERQLS5N10YbZzS6NOSCt3vtkyhL8b7NkqMD6ID4fX1OhJcIL MKLCZZlkmbfwGYaSKOa/qgjNk20IDb7zqFnDlDW5h3lfXP5qLNOPWqhBeFpQGcRr51BO1+ 3ZV0sQiWczoYXIAukPgOpHoNz5+P+m55m0pWazh3yCEZj5k7a69DTuOLjJ6zrSsFm7Q9bi ROALLRSrb+cA9ya0EcFAj0axinj9DXjsPJjIJkgYAUclKsqW8fzHpTwNl1Rrmy5Ivj9pLe Fcn9jO2P+ehw7BMSiPe8okbdo95TlI2aucsgICXSdchy5FeNOnVaessa2kvQBw== Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qP6cf-0001Pd-NT; Thu, 27 Jul 2023 15:26:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qP6cd-0001PO-Bq for guix-patches@gnu.org; Thu, 27 Jul 2023 15:26:03 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qP6cc-0008He-1D for guix-patches@gnu.org; Thu, 27 Jul 2023 15:26:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qP6cb-0005ni-Kw for guix-patches@gnu.org; Thu, 27 Jul 2023 15:26:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#64882] [PATCH] doc: cookbook: Document how to disable the Yubikey OTP application. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 27 Jul 2023 19:26:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 64882 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: John Kehayias Cc: 64882@debbugs.gnu.org Received: via spool by 64882-submit@debbugs.gnu.org id=B64882.169048595322277 (code B ref 64882); Thu, 27 Jul 2023 19:26:01 +0000 Received: (at 64882) by debbugs.gnu.org; 27 Jul 2023 19:25:53 +0000 Received: from localhost ([127.0.0.1]:43161 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qP6cS-0005nE-O1 for submit@debbugs.gnu.org; Thu, 27 Jul 2023 15:25:53 -0400 Received: from mail-ot1-x332.google.com ([2607:f8b0:4864:20::332]:56521) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qP6cO-0005mp-V2 for 64882@debbugs.gnu.org; Thu, 27 Jul 2023 15:25:51 -0400 Received: by mail-ot1-x332.google.com with SMTP id 46e09a7af769-6b9aadde448so1134425a34.0 for <64882@debbugs.gnu.org>; Thu, 27 Jul 2023 12:25:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1690485943; x=1691090743; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=p7MmLfgz0gzGERLpEJKkql/yNz7BetIDS7TNd7gviDE=; b=o4nE9Fu1FpGCNwN3R8wFA+e5ULwKzX6dqj9gwittkrdYWHalHm5OfTAOpk0Cmvoe0D qJgmz8QCkfq/tSWTYFnLUqMPmI+24VbUna1OvOGXDw6ePcTnCXqqy0B9lm298bg1hb5+ MLp2Ufl04VQr/OKHmwSKxdoBNZbRmYHzNQ7hg9codCWAFtFk20TWt18vx95sWQtf+6Z1 m6Y4rsXcJNGWjvlZmWiVenjmxl4Upi8/ukqP+H1ZXJrZbaPQgFaF/osJ9JHyK0zGrbkV vrF4pTQO4ZufDA3I5lGc1NKsr4JPBn8gqzP7Y8vLVH5pfT2KuOi9m30w7gQtO5POw1sA vfZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690485943; x=1691090743; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=p7MmLfgz0gzGERLpEJKkql/yNz7BetIDS7TNd7gviDE=; b=Ydrmu18nk7GR+ZO879K6jqrOXzQNR87F0B1WxKi1NTIMlb/lgag+sN4XKTJ2q9E35C PzydL9sDyRjpSXohwvA1uVXiA4KmAVcXDB57wrARRXZGrbjIElBXyMaeMnbKnuTgWHLZ 40tQSdbQYynTIJUmEN6lbpa7Oz15V+5YvchFORjJYgrqPHjuPDoIuBwG8VglE7tOQB1a 7aes00qlrzNc1fSKR8nnEVBNjWnuKfcATwRdZUgHfC5uUwJSEVnzt5wGtiEx98Yfk3Fg EdU7Xik89Nnbn72WGcoWEnn+Oj8fBjVw+Lx2OhzhkFf71+ODRBlr+/GjQ5Z5s7/KRMMK +PYQ== X-Gm-Message-State: ABy/qLavJNvFzmsPegtbMvDC5X1qMsig5525ofmlVKdn488+YXPCeAqC DbEu2K6Z0gIep83xfMv/Q19BKjEkBdcfww== X-Google-Smtp-Source: APBJJlFwHZR9Zxk3VS9OSUANSIKWRf6eFSEqMcdjv+gi0SO0rFa0ceoTz9sr+pr6j8XWCl8enPbIag== X-Received: by 2002:a05:6358:2610:b0:134:d559:259a with SMTP id l16-20020a056358261000b00134d559259amr446307rwc.17.1690485942718; Thu, 27 Jul 2023 12:25:42 -0700 (PDT) Received: from hurd (dsl-205-233-124-231.b2b2c.ca. [205.233.124.231]) by smtp.gmail.com with ESMTPSA id j10-20020ac8550a000000b003eabcc29132sm629771qtq.29.2023.07.27.12.25.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Jul 2023 12:25:42 -0700 (PDT) From: Maxim Cournoyer References: <87ila5i63v.fsf@protonmail.com> Date: Thu, 27 Jul 2023 15:25:41 -0400 In-Reply-To: <87ila5i63v.fsf@protonmail.com> (John Kehayias's message of "Thu, 27 Jul 2023 18:04:12 +0000") Message-ID: <87mszhxikq.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Spam-Score: 4.35 X-Migadu-Queue-Id: 70E4B60C92 X-Migadu-Spam-Score: 4.35 X-Migadu-Scanner: mx0.migadu.com X-TUID: Z0KlZI5ztEgM Hi John, John Kehayias writes: > Hi Maxim, > > On Wed, Jul 26, 2023 at 03:56 PM, Maxim Cournoyer wrote: > >> * doc/guix-cookbook.texi (Using security keys) >> : New subsection. >> --- >> doc/guix-cookbook.texi | 12 ++++++++++++ >> 1 file changed, 12 insertions(+) >> >> diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi >> index 2e58c6c795..8f2cb2369e 100644 >> --- a/doc/guix-cookbook.texi >> +++ b/doc/guix-cookbook.texi >> @@ -2022,6 +2022,18 @@ Using security keys >> ready to be used with applications supporting two-factor authentication >> (2FA). >> >> +@subsection Disabling OTP code generation for a Yubikey >> +@cindex disabling yubikey OTP >> +If you use a Yubikey security key and are irritated by the spurious OTP >> +codes it generates when inadvertently touching the key (e.g. causing you >> +to become a spammer in the @samp{#guix} channel when discussing from >> +your favorite IRC client!), you can disable it via the following >> +@command{ykman} command: >> + >> +@example >> +guix shell python-yubikey-manager -- ykman config usb --force --disable OTP >> +@end example >> + >> @node Connecting to Wireguard VPN >> @section Connecting to Wireguard VPN >> >> >> base-commit: c7e45139faa27b60f2c7d0a4bc140f9793d97d47 > > I'm not necessarily against it, but this seems only related to yubikey > management in general (on Linux), rather than anything specific to Guix. > Of course, 'guix shell' is a handy way to do this, I just don't know if > this is needed in the cookbook. Then again, I guess the cookbook is a > way to build up associated knowledge for Guix, which won't be included > directly in the manual. You are right that it's not specifically related to Guix, but I expects users going through setuping a Yubikey on Guix to want to know how to do that (I spent months spamming #guix with OTP codes before Ricardo shared that tip with me, so it was not easy to discover). The Cookbook as I understand it is a loose collection of knowledge of how to do things using Guix, and is distinct from the user manual. > Otherwise, LGTM, but a user should be aware if they are using/needed OTP > before disabling it. I'm not sure when OTP is useful; it's not useful for the current use case I'm using my Yubikey (which is currently the two-factor authentication on web sites). -- Thanks, Maxim