OpenBSD Yubikey Authentication with PIN

I think that using the Yubikey for authentication is worthwhile. OpenBSD's current implementation of login_yubikey.c, however, relies entirely on the one-time password. I think the system would be stronger combining the Yubikey with an additional PIN so that a compromise of the physical security of the token doesn't compromise the associated account. My work is loosely based off of Remi Locherer's suggested patch. Where it differs is that I'd like to add an optional additional PIN to the authentication rather than use an existing credential, such as the system password. [Read More]