PAM and Yubikey OTP

Is it possible to have RDM write a password checked out in PAM to a Yubikey slot? This would be useful for technicians who need to use their administrator account to install or uninstall software that requires Windows UAC credentials, but our org has UAC set up in a secure environment so we cannot paste a password. If the password was stored on the Yubikey, it can be touched to fill in the password. Currently, we are manually copying the password to the Yubikey slot, but if this can be automated during checkout it would be more efficient.

**EDIT** I said OTP, I meant the Static Password option in Yubikey. My apologies.

All Comments (4)

Hi kseay1,

Thank you for your feedback. This isn't something we are currently planning to support, but we will keep it in mind for the future.

Best regards,

Luc Fauvel

Hi @kseay1,

Just wanted to let you know we’ve implemented a “Copy password to Yubikey” button in RDM 2026.1. Any password can now be copied into a Yubikey slot.

Cheers,

Luc Fauvel

Oh nice! I'll check that out. I have been using the PowerShell modules to check out my account and ykman PowerShell to write to the Yubikey. I made myself a nice little script to activate my Microsoft PIM and check out my PAM password and write it

Side note, there is currently a bug where the copy to Yubikey action doesn’t appear for certain PAM entries. We’re testing a patch right now, so stay tuned if you run into this issue. We’ll try to push it out within the next 2 weeks or so.

Luc Fauvel