Would like to use YubiKey to login to my laptop.

[Budoka]

Just purchased some Yubikeys and would like to use them to login to my box. Unfortunately I wasn't aware of opensource nitrokeys before purchase.

My current config is as follows:

I am running a dual boot Win7/Gentoo. Grub2 is managing boot. Would love to kill Win7 but is a hard requirement for work even though it gets booted up rarely. Win7 was easily configured with a msi from Yubico.

The Gentoo partition is running LUKS over LVM2.

Ideally I would like to use Yubikey at the initial sign in that decrypts the partition and then again when logging in to the DE. I use both Plasma and XFCE. Between the login at LUKS and the logon at the DE I run sddm manually from the console.

So I guess my flow looks like this,

Machine boots.
I am presented with dual boot options.
I select Gentoo.
I am prompted to enter Luks password.
That drops me in to tmux.
I execute sddm.
That brings me to the login screen where I can select Plasma or XFCE.

My initial searches I can't find any WIKI that outlines how to set up yubikey easily.

Yubico has the following info [url]https://developers.yubico.com/yubico-pam/[/url]

And I found this page as well [url]https://jsteward.moe/yubikey-as-login-token.html[/url]

but it all sees quite complicated. I rather err on the side of caution because if I botch configuring this I can be locked out of my system.

Any advice would be appreciated.

[Ant P.]

https://wiki.gentoo.org/wiki/Pam_u2f
Is this what you want?

There's also a sys-auth/pam_yubico with a higher version number, but it's ~arch, there's no reference to it on the wiki, and both packages seem to have an active upstream.