It would be great to be able to set yubikey optional before assigned for specific roles, and yet still be able to allow(require) uid1 (specific roles, optionally) to log in with ONLY yubikey OTP and no password.

IMO, the current one-setting-fits-all of this otherwise great module is far too limiting and makes the solution inflexible.

Comments

Leeteq’s picture

Leeteq CreditAttribution: Leeteq commented

PS. In order to not have to change the default login block or login page, I imagine that with this feature request we could keep the red star indicating a required password field, but then hijack the response form if submitted with a valid yubikey for a role that is allowed to log in with only the OTP, then let the user enter without presenting the drupal error message about the missing, required password field.

This setting is mostly for admins, who should know/be informed about just that tweak, hence no real need to work around that part, IMO.