13.2.1.2.18. Yubikey Token

class privacyidea.lib.tokens.yubikeytoken.YubikeyTokenClass(db_token)[source]

The Yubikey Token in the Yubico AES mode

check_otp(*args, **kwds)[source]

validate the token otp against a given otpvalue

Parameters:
  • anOtpVal (string) – the to be verified otpvalue
  • counter (int) – the counter state. It is not used by the Yubikey because the current counter value is sent encrypted inside the OTP value
  • window (int) – the counter +window, which is not used in the Yubikey because the current counter value is sent encrypted inside the OTP, allowing a simple comparison between the encrypted counter value and the stored counter value
  • options (dict) – the dict, which could contain token specific info
Returns:

the counter state or an error code (< 0):

-1 if the OTP is old (counter < stored counter) -2 if the private_uid sent in the OTP is wrong (different from the one stored with the token) -3 if the CRC verification fails :rtype: int

check_otp_exist(*args, **kwds)[source]

checks if the given OTP value is/are values of this very token. This is used to autoassign and to determine the serial number of a token.

classmethod get_class_info(*args, **kwds)[source]

returns a subtree of the token definition

Parameters:
  • key (string) – subsection identifier
  • ret (user defined) – default return value, if nothing is found
Returns:

subsection if key exists or user defined

Return type:

s.o.

classmethod get_class_prefix()[source]
classmethod get_class_type()[source]
is_challenge_request(*args, **kwds)[source]

This method checks, if this is a request, that triggers a challenge.

Parameters:
  • passw (string) – password, which might be pin or pin+otp
  • user (User object) – The user from the authentication request
  • options (dict) – dictionary of additional request parameters
Returns:

true or false