In comparing your request with that defined in the request token fetch stage (http://developer.yahoo.com/oauth/guide/oauth-requesttoken.html) what I can see off the bat is that you're missing the oauth_callback parameter, which should match the application URL which you used to get the application key. The xoauth_lang_pref is optional, so there's no need to include that. Here's the dump of a sample request:
Yet it doesn't work, as for me. I just fill the correct values and still get 401 Unauthorized. If I enter the URL directly in the browser I get Custom port is not allowed or the host is not registered with this consumer key.