Hi John,
John Kehayias <john.kehayias@protonmail.com> writes:
Toggle quote (43 lines)
> Hi Maxim,
>
> On Wed, Jul 26, 2023 at 03:56 PM, Maxim Cournoyer wrote:
>
>> * doc/guix-cookbook.texi (Using security keys)
>> <Disabling OTP code generation for a Yubikey>: New subsection.
>> ---
>> doc/guix-cookbook.texi | 12 ++++++++++++
>> 1 file changed, 12 insertions(+)
>>
>> diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
>> index 2e58c6c795..8f2cb2369e 100644
>> --- a/doc/guix-cookbook.texi
>> +++ b/doc/guix-cookbook.texi
>> @@ -2022,6 +2022,18 @@ Using security keys
>> ready to be used with applications supporting two-factor authentication
>> (2FA).
>>
>> +@subsection Disabling OTP code generation for a Yubikey
>> +@cindex disabling yubikey OTP
>> +If you use a Yubikey security key and are irritated by the spurious OTP
>> +codes it generates when inadvertently touching the key (e.g. causing you
>> +to become a spammer in the @samp{#guix} channel when discussing from
>> +your favorite IRC client!), you can disable it via the following
>> +@command{ykman} command:
>> +
>> +@example
>> +guix shell python-yubikey-manager -- ykman config usb --force --disable OTP
>> +@end example
>> +
>> @node Connecting to Wireguard VPN
>> @section Connecting to Wireguard VPN
>>
>>
>> base-commit: c7e45139faa27b60f2c7d0a4bc140f9793d97d47
>
> I'm not necessarily against it, but this seems only related to yubikey
> management in general (on Linux), rather than anything specific to Guix.
> Of course, 'guix shell' is a handy way to do this, I just don't know if
> this is needed in the cookbook. Then again, I guess the cookbook is a
> way to build up associated knowledge for Guix, which won't be included
> directly in the manual.
You are right that it's not specifically related to Guix, but I expects
users going through setuping a Yubikey on Guix to want to know how to do
that (I spent months spamming #guix with OTP codes before Ricardo shared
that tip with me, so it was not easy to discover). The Cookbook as I
understand it is a loose collection of knowledge of how to do things
using Guix, and is distinct from the user manual.
Toggle quote (3 lines)
> Otherwise, LGTM, but a user should be aware if they are using/needed OTP
> before disabling it.
I'm not sure when OTP is useful; it's not useful for the current use
case I'm using my Yubikey (which is currently the two-factor
authentication on web sites).
--
Thanks,
Maxim