Yubikey: Difference between revisions
imported>Patryk27 No edit summary |
imported>Greizgh →Logging-in: use yubikey-manager instead of ykpersonalize, suggest --touch option |
||
| Line 45: | Line 45: | ||
You'll also need to program the Yubikey for challenge-response on slot 2 and setup the current user for logon: | You'll also need to program the Yubikey for challenge-response on slot 2 and setup the current user for logon: | ||
# <code>nix-shell -p yubico-pam -p yubikey- | # <code>nix-shell -p yubico-pam -p yubikey-manager</code> | ||
# <code> | # <code>ykman otp chalresp --touch --generate -2</code> | ||
# <code>ykpamcfg -2 -v</code> | # <code>ykpamcfg -2 -v</code> | ||
To automatically login, without having to touch the key, omit the <code>--touch</code> option. | |||
Having that, you should be able to use your Yubikey to login and for sudo. You can also set <code>security.pam.yubico.control</code> to "required" in order to have multi-factor authentication. | Having that, you should be able to use your Yubikey to login and for sudo. You can also set <code>security.pam.yubico.control</code> to "required" in order to have multi-factor authentication. | ||