From: Crystal Kolipe <kolipe.c@exoticsilicon.com>
Subject: Re: patch: stop login_yubikey(8) leaking OTP data to syslog
To: Emiel Kollof <emiel@kollof.nl>, tech@openbsd.org
Date: Wed, 20 Aug 2025 12:14:52 +0100

On Wed, Aug 20, 2025 at 11:05:09AM +0100, Stuart Henderson wrote:
> this is a much wider problem than one specific device, there are other
> usb keys that have both fido and "fake keyboard" otp buttons on the same
> device like yubikeys, also we have problems with some UPS that require
> users to build modified kernels,
> 
> let me show you how a different os handles this:
> 
> https://man.freebsd.org/cgi/man.cgi?usbconfig
> 
> specifically add_quirk here, I'm not saying we should necessarily have
> the same, but this covers the situation where some users want one type
> of behaviour from some device, and others want different behaviour.

Couldn't the immediate problem that prompted this change could be mitigated at
least on wscons by adding a new keyboard map which contains no entries and
therefore maps every key to producing no input, and making yubikey devices
default to this map?

Then users could enable the functionality by changing the keyboard map to
a normal one.