Yubikey: Difference between revisions
No edit summary
m Added a little note with the ID_MODEL_ID of the Security Series, so users won't run into issues first thing.
(One intermediate revision by one other user not shown)
| Line 55: | Line 55: | ||
See chapter ''Test PAM configuration'' an the end of this page. | See chapter ''Test PAM configuration'' an the end of this page. | ||
6. (optional) Only allow Yubikey for login and sudo authentication | |||
If you don't want to be able to use your password to login to your user account or access sudo, you can modify the pam service as follows. | |||
{{Warning|Be careful, losing your Yubikey will make it impossible to sign in with this configuration.}}<syntaxhighlight lang="nixos"> | |||
security.pam.services = { | |||
login = { | |||
u2fAuth = true; | |||
unixAuth = false; | |||
}; | |||
sudo = { | |||
u2fAuth = true; | |||
unixAuth = false; | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
=== yubico-pam === | === yubico-pam === | ||
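Review bot: In the added step 6, the warning says that losing the Yubikey makes sign-in impossible but gives the reader no way to avoid that outcome. With `unixAuth = false` set on both `login` and `sudo`, neither service has a password fallback, so the step should tell readers to register a second key or keep another recovery path before applying this configuration. Two style points in the same hunk: `{{Warning|...}}` and `<syntaxhighlight lang="nixos">` share one line, so move the opening tag to its own line, and "use your password to login" should use the verb form "log in".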
| Line 154: | Line 171: | ||
If this does not work with your Yubikey take a look at the output of this command when you plug-in/unplug your Yubikey | If this does not work with your Yubikey take a look at the output of this command when you plug-in/unplug your Yubikey | ||
<code>udevadm monitor --udev --environment</code> and adjust the rule accordingly. This rule should work with most Yubikey 5 series models | <code>udevadm monitor --udev --environment</code> and adjust the rule accordingly. This rule should work with most Yubikey 5 series models. The Yubikey Security series <code>ID_MODEL_ID</code> is <code>0402</code>. | ||
== Links == | == Links == | ||
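Review bot: The added sentence gives `0402` as the Security series `ID_MODEL_ID` but does not say which value in the rule it replaces. Because it directly follows the statement that the rule works with most Yubikey 5 series models, a reader cannot tell whether the rule as written already matches a Security series key. Suggest wording along the lines of "For the Yubikey Security series, set <code>ID_MODEL_ID</code> in the rule to <code>0402</code>", and keep the pointer to the `udevadm monitor --udev --environment` output as the way to confirm the value for a given key.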