View previous topic :: View next topic |
Author |
Message |
Budoka l33t
Joined: 03 Jun 2012 Posts: 777 Location: Tokyo, Japan
|
Posted: Wed May 01, 2019 2:58 am Post subject: Would like to use YubiKey to login to my laptop. |
|
|
Just purchased some Yubikeys and would like to use them to login to my box. Unfortunately I wasn't aware of opensource nitrokeys before purchase.
My current config is as follows:
I am running a dual boot Win7/Gentoo. Grub2 is managing boot. Would love to kill Win7 but is a hard requirement for work even though it gets booted up rarely. Win7 was easily configured with a msi from Yubico.
The Gentoo partition is running LUKS over LVM2.
Ideally I would like to use Yubikey at the initial sign in that decrypts the partition and then again when logging in to the DE. I use both Plasma and XFCE. Between the login at LUKS and the logon at the DE I run sddm manually from the console.
So I guess my flow looks like this,
Machine boots.
I am presented with dual boot options.
I select Gentoo.
I am prompted to enter Luks password.
That drops me in to tmux.
I execute sddm.
That brings me to the login screen where I can select Plasma or XFCE.
My initial searches I can't find any WIKI that outlines how to set up yubikey easily.
Yubico has the following info [url]https://developers.yubico.com/yubico-pam/[/url]
And I found this page as well [url]https://jsteward.moe/yubikey-as-login-token.html[/url]
but it all sees quite complicated. I rather err on the side of caution because if I botch configuring this I can be locked out of my system.
Any advice would be appreciated. |
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Wed May 01, 2019 4:55 am Post subject: |
|
|
https://wiki.gentoo.org/wiki/Pam_u2f
Is this what you want?
There's also a sys-auth/pam_yubico with a higher version number, but it's ~arch, there's no reference to it on the wiki, and both packages seem to have an active upstream. |
|
Back to top |
|
|
|