Provisioning YubiKeys in Bulk / from Remote Workstations
If you do not have direct physical console access to your domain, or if you want to program a batch of keys efficiently in one sitting, then you can use the following process.
From AuthLite.com/downloads, install the "YubiKey Programmer" standalone program on your workstation.
- Launch it from the Start Menu item called "AuthLite Key Programmer"
Configure slot #1 for "AuthLite OTP" and slot #2 to "AuthLite Challenge/Response". More information on how AuthLite uses YubiKeys.
- AuthLite ships YubiKeys with Smart card support Disabled. This is not mandatory for use, but can prevent Windows from being confused about the key when you plug it in each time. You can use this screen to disable smart card support if you purchased your YubiKeys elsewhere.
If you are using shorter public IDs than the default, specify the number of bytes on this page as well.
Random public IDs can be used if you have a large number of ID bytes. If you are using very short IDs, you should NOT randomly-generate them because you will end up with collisions (more than one key programmed with the same ID, which will cause an import error).
When ready, click “Start Programming”, and each time you plug in a YubiKey it will be programmed.
Remove the YubiKey when the status reads “DONE (remove key)”. Do not click “Finish” at this point, if you have more keys to program.
You can continue to plug in new keys and program them. When finished with all keys, click the “Finish” button.
Save the resulting XML file.
Note: This file should be considered sensitive information, as it contains all the secret values programmed into the keys. Treat this with the same security measures you would use for a password list or other secure document.