Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Would like to use YubiKey to login to my laptop.
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Budoka
l33t
l33t


Joined: 03 Jun 2012
Posts: 737
Location: Tokyo, Japan

PostPosted: Wed May 01, 2019 2:58 am    Post subject: Would like to use YubiKey to login to my laptop. Reply with quote

Just purchased some Yubikeys and would like to use them to login to my box. Unfortunately I wasn't aware of opensource nitrokeys before purchase.

My current config is as follows:

I am running a dual boot Win7/Gentoo. Grub2 is managing boot. Would love to kill Win7 but is a hard requirement for work even though it gets booted up rarely. Win7 was easily configured with a msi from Yubico.

The Gentoo partition is running LUKS over LVM2.

Ideally I would like to use Yubikey at the initial sign in that decrypts the partition and then again when logging in to the DE. I use both Plasma and XFCE. Between the login at LUKS and the logon at the DE I run sddm manually from the console.

So I guess my flow looks like this,

Machine boots.
I am presented with dual boot options.
I select Gentoo.
I am prompted to enter Luks password.
That drops me in to tmux.
I execute sddm.
That brings me to the login screen where I can select Plasma or XFCE.

My initial searches I can't find any WIKI that outlines how to set up yubikey easily.

Yubico has the following info [url]https://developers.yubico.com/yubico-pam/[/url]

And I found this page as well [url]https://jsteward.moe/yubikey-as-login-token.html[/url]

but it all sees quite complicated. I rather err on the side of caution because if I botch configuring this I can be locked out of my system.

Any advice would be appreciated.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6356

PostPosted: Wed May 01, 2019 4:55 am    Post subject: Reply with quote

https://wiki.gentoo.org/wiki/Pam_u2f
Is this what you want?

There's also a sys-auth/pam_yubico with a higher version number, but it's ~arch, there's no reference to it on the wiki, and both packages seem to have an active upstream.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum