mac problems

[klali]

There seems to be problems using the library and tools on mac, most of these issues seem to be on 10.7.
This might be a permissions issue and work better as root.

[mig5]

As per request from Yubico/yubico-pam#24 (comment)

Miguels-MacBook-Pro:~ miguel$ ykinfo -a
USB error: kIOReturnSuccess

(same result as if I ran ykpamcfg -2, trying to get challenge response to work on slot 2)

It works if I use sudo (e.g am root)

sh-3.2# ykinfo -a
serial: XXXXXXX
serial_hex: XXXXX
serial_modhex: XXXX
version: 3.2.0
touch_level: 1287
programming_sequence: 3

Mac OS X 10.9.2
Tested with Yubikey standard and Yubikey neo

[mig5]

P.S I had no problem with the personalization tool on Mac as was otherwise reported in Yubico/yubikey-personalization-gui#25 - I programmed Slot 2 in Challenge Response mode but am unable to generate the challenge for it into ~/.yubico unless I use sudo/root to avoid the kIOReturnSuccess error above.

I am therefore not convinced it's an issue with the Personalization Tool but with permission related to USB devices in OS X 10.9.

See http://forum.yubico.com/viewtopic.php?t=1169&p=4373

[mig5]

This might be relevant? (see last comment) http://stackoverflow.com/questions/13629199/how-can-a-daemon-user-access-hid-devices-without-getting-kioreturnnotprivileged

[mig5]

Found the problem: I had the setting 'Secure Keyboard Entry' turned on in my iTerm/Terminal. Something about this setting triggers some OS X setting designed to prevent keylogging, which appears to have prevented the ykinfo/ykpamcfg tools from interacting with what OS X considered to be a keyboard.

Disabling 'Secure Keyboard Entry' allowed me to run ykpamcfg and get my screensaver 2-factor auth working!

[jas4711]

I'm happy you resolved this. We'll add this to our documentation. I'm not convinced this is the only Mac-related issue, though, so I'm keeping this issue open to track other Mac issues.

[pkutzner]

This is still an issue in OS X 10.10 (Yosemite). I'm running iTerm2 and I have 'Secure Keyboard Entry' disabled and I still cannot use the yk* tools as a non-admin user. I also tried directly via Terminal.app and experience the same problem. I'm guessing it probably has to do with the stackoverflow topic linked by mig5.

EDIT: The obvious method of setting suid on the binaries does cause them to work but, of course, is not optimal.

[dfeyer]

@pkutzner You need to restard iTerm2 after disabling Secure Keyboard Entry and it work fine on Yosemite

[exgete]

Hi,

I'm french...;-) Today 9 march 2015

I m testing yubico neo for french medical issue ( of Accounting Double Certification).
:oops: :oops:
A big bug with this issue ...
the pb:when I'm program Static password.I'm using a french (azerty) keyboard, so I need to enable the "use numeric keyboard" option. but in keyboard: choose a layout... I only find :US keyboard...
The neo fails typing numbers (when used as a USB key). on a mac...
PS:
This work if i change the keyboard to us keyboard.
But I m in french by default;-(

Can i have an idea of when is resolve? .

Thank

[devx]

I ran in to the same problem, I believe the issue is with access to the USB devices. However the odd part about this is that I have two macs. One with disk encryption (macbook pro) the other a desktop with out it, and the one with disk encryption does not work. I wonder if any of you having issues with the Mac are also using disk encryption?.

Output from Macbook Pro

➜ yubikey ykinfo -a
USB error: kIOReturnSuccess
➜ yubikey sudo ykinfo -a
serial: xxxxxxxx
serial_hex: xxxxxxxx
serial_modhex: xxxxxxxx
version: 3.4.0
touch_level: 1551
programming_sequence: 3
slot1_status: 1
slot2_status: 1
vendor_id: 1050
product_id: 111
-Victor

[devx]

I resolved my issue by removing all the opensc-tools, gpg, and then reboot(not sure if the reboot was needed).

[thorduri]

Can this issue be closed ?

As of today, building on OSX and using the tool as described works pretty fine (OSX 10.11.6).

[luginbash]

Don't close, I just had the same problem, and I have opensc-tools/gpg. Maybe something locked the device?

[thorduri]

@methou Could you dump your system information, as well as related software versions and installation methods (e.g. opensc-tools, gpg, yuibkey-personalization etc ?).

Are you perchance running gpg-agent as well ?

[luginbash]

@thorduri unfortunately, my MacBook was sent in for repair, and I'm not getting it back for at least a week. The problem is exactly like what they've described before, that you have to sudo to get it working properly. For all I know, I was using the latest Homebrew versions of opensc-tools and GnuPG 2.1 on 2016-10-02, my mac is a late 2013 model running macOS Sierra with latest updates. iirc, I had no problem with CLI ykneo-manager on El Capitan.

I think I'll be settled with sudo and/or GUI tools.

[jbaruch]

Same here, USB error: kIOReturnExclusiveAccess on 1.17.3 with or without sudo on Sierra.

[jupp0r]

Same here:

sudo ykinfo -a
USB error: kIOReturnExclusiveAccess`

On 10.12.2, yubikey neo

[bisko]

Shared in the Yubico/yubikey-personalization-gui#25 as acomment. Adding here too:

I just noticed something else that can cause the kIOReturnExclusiveAccess error in the Diagnostics screen, which you can access by Right-clicking the yubico logo on the bottom right.

If you're running a keyboard altering tool, like Karabiner ( old KeyRemap4MacBook or the newer version Karabiner-Elements ) it may be causing the Secure Keyboard Entry protection or something similar to it to activate, which blocks access to the YubiKey.

Try to stop all possible external tools you may have installed and see if the YubiKey will get recognized.

UPDATE: It seems that there is no need to quit Karabiner-Elements. You just have to untick the YubiKey in "Modify events from this device" under the Devices tab. I think it needs to be done for each key if there are multiple keys.

cc @jbaruch @jupp0r

[magiconair]

I can confirm that the @bisko workaround of configuring Karabiner-Elements to not modify events from the yubikey solves the USB error: kIOReturnExclusiveAccess problem on sierra (10.12). Also, no need to run the yubikey tools with sudo.

[chiefy]

Any way this can be put on the public website FAQ (the Karabiner-Elements issue)? I just spent like 2 hours trying to figure out why my YubiKey4 wasn't working on Sierra.

[mennanov]

Unfortunately this issue is still relevant.
brew uninstall gpg resolved it for me, although that means i can't use gpg anymore :)

Any suggestions on how to make it work?

Update: everything seems to work fine with GPG Suite installed from https://gpgtools.org/

[thobryan]

I have the same issue. I uninstalled gpg but I still getting this error. But the error is intermittent, usually it happens few yours after login. I am using the MacBook Pro (2017) with USB-C adaptor to be able to recognise my yubikey nfc. I wonder how I can provide more debug information.

As a regular user:

ykinfo -s
USB error: kIOReturnSuccess

as a root:

ykinfo -s
serial: 9638XXX

I am using Mac Mojave (10.14.5).

This issue is quite annoying because when it happens I am not able to use KeePassXC since the Yubikey is not recognised anymore.

[goodc0re]

I am having the same problem as @thobryan also on a Macbook Pro also on macOS Mojave.

The KeePassXC problem is my main problem.
When running KeePassXC as root, it does detect the YubiKeys again.

Yubico/yubikey-personalization-gui#25
keepassxreboot/keepassxc#3970

[mlcloudsec]

Same here. Happens a few hours after login in. It might be related to the "secure keyboard" entry and or Keybase; noticed the issue happening always after opening either the terminal or keybase.

[uhlhosting]

Not working... sad that such tools are advertised on the website, yet updating them was left to...