Enrolling Yubikey with macOS using yubikey_mass_enroll


I have seem to run into an issue enrolling Yubikeys using the yubikey_mass_enroll command on macOS. The command acknowledges that a Yubikey is present but then stalls during enrollment.

Looking at the yubikey python file in privacyideautils it seems that when the wait_for_new_yubikey function encounters a USBError it prints the character u to the stdout. the wait_for_new_yubikey function itself is called within the yubikey_mass_enroll function in the bin/privacyidea file. After turning on a debug flag for find_key (a function called by wait_for_new_yubikey) located in the yubikey.py file of the python-yubico package I started receiving this error: “YubiKeyHIDDevice: detachKernelDriver not supported!”.

Digging around a bit I came across this github issue.

It seems that libusb, a dependency that python-yubico uses, doesn’t support Yubikeys.

From my digging it seems that this isn’t a privacyIDEA code issue, but i’m wondering if you guys have a solution or workaround for people enrolling Yubikey with privdacyIDEA on macOS, that doesn’t involve using the ykpersonalize tool?

Hi Olivier,

we did not test the mass enrollment on mac OS. So we do not know of any workaround here.
You could still go for a raspberry PI for a few bucks and attach it to your Mac. sorry.

Kind regards

Understood, thank you!