13.2.1.2.18. Yubikey Token¶
-
class
privacyidea.lib.tokens.yubikeytoken.
YubikeyTokenClass
(db_token)[source]¶ The Yubikey Token in the Yubico AES mode
-
check_otp
(*args, **kwds)[source]¶ validate the token otp against a given otpvalue
Parameters: - anOtpVal (string) – the to be verified otpvalue
- counter (int) – the counter state. It is not used by the Yubikey because the current counter value is sent encrypted inside the OTP value
- window (int) – the counter +window, which is not used in the Yubikey because the current counter value is sent encrypted inside the OTP, allowing a simple comparison between the encrypted counter value and the stored counter value
- options (dict) – the dict, which could contain token specific info
Returns: the counter state or an error code (< 0):
-1 if the OTP is old (counter < stored counter) -2 if the private_uid sent in the OTP is wrong (different from the one stored with the token) -3 if the CRC verification fails :rtype: int
-
check_otp_exist
(*args, **kwds)[source]¶ checks if the given OTP value is/are values of this very token. This is used to autoassign and to determine the serial number of a token.
-
classmethod
get_class_info
(*args, **kwds)[source]¶ returns a subtree of the token definition
Parameters: - key (string) – subsection identifier
- ret (user defined) – default return value, if nothing is found
Returns: subsection if key exists or user defined
Return type: s.o.
-
is_challenge_request
(*args, **kwds)[source]¶ This method checks, if this is a request, that triggers a challenge.
Parameters: - passw (string) – password, which might be pin or pin+otp
- user (User object) – The user from the authentication request
- options (dict) – dictionary of additional request parameters
Returns: true or false
-