I have a yubikey that was previously registered in AES mode with a different PrivacyIDEA server. I want to reregister it with a new PI instance. Ive got privacyideaadm installed on a separate ubuntu 16.04 server. I ran
privacyidea -u piserver -admin admin token yubikey_mass_enroll and it detected the yubikey but got the below response. In addition, when I pushed the yubikey button before, I got a 44 alphanumeric string, now I get a 6 digit string. Is there a way to recover this Yubikey or is it “bricked”?
The error output is clear:
"The minimum OTP PIN length is 4"
The enrollment tool for yubikeys does not set an otp pin. So you need to get rid of this policy to be able to enroll the yubikey.
Yubikeys can be AES mode or OTP mode.
The privacyidea enrollment tool can do both.
You’re right, the message is clear but it was unclear at the time what was causing it to be that number. I realized it after using my brain for a second. The yubikey now only spits out a 6-digit string, which works…just doesn’t look as fancy as the 16 character alphanumeric key that it used to spit out.