Yubikey: Difference between revisions
No edit summary |
→Logging-in: Added option for exclusive Yubikey login/sudo |
||
| Line 55: | Line 55: | ||
See chapter ''Test PAM configuration'' an the end of this page. | See chapter ''Test PAM configuration'' an the end of this page. | ||
6. (optional) Only allow Yubikey for login and sudo authentication | |||
If you don't want to be able to use your password to login to your user account or access sudo, you can modify the pam service as follows. | |||
{{Warning|Be careful, losing your Yubikey will make it impossible to sign in with this configuration.}}<syntaxhighlight lang="nixos"> | |||
security.pam.services = { | |||
login = { | |||
u2fAuth = true; | |||
unixAuth = false; | |||
}; | |||
sudo = { | |||
u2fAuth = true; | |||
unixAuth = false; | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
=== yubico-pam === | === yubico-pam === | ||