Yubikey: Difference between revisions
imported>Oluceps fix non exist option, fix format. |
imported>RichardJActon Add a section on how to lock the screen automatically when a yubikey is removed from the system |
Line 136: | Line 136: | ||
If the result is <code>pamtester: successfully authenticated</code> then everything should work as expected. | If the result is <code>pamtester: successfully authenticated</code> then everything should work as expected. | ||
== Locking the screen when a Yubikey is unplugged == | |||
This can be achieved with a <code>udev</code> rule, which can be added to your <code>configuration.nix</code> | |||
<syntaxHighlight lang=nix> | |||
services.udev.extraRules = '' | |||
ACTION=="remove",\ | |||
ENV{ID_BUS}=="usb",\ | |||
ENV{ID_MODEL_ID}=="0407",\ | |||
ENV{ID_VENDOR_ID}=="1050",\ | |||
ENV{ID_VENDOR}=="Yubico",\ | |||
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions" | |||
''; | |||
</syntaxHighlight> | |||
This will lock all sessions if any Yubikey matching the rule is unplugged. | |||
If this does not work with your Yubikey take a look at the output of this command when you plug-in/unplug your Yubikey | |||
<code>udevadm monitor --udev --environment</code> and adjust the rule accordingly. This rule should work with most Yubikey 5 series models | |||
== Links == | == Links == |
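Review bot: The udev rule is pinned to a single product id, ENV{ID_MODEL_ID}=="0407", but the closing paragraph only says to "adjust the rule accordingly" and never names which property to change. Say explicitly that ID_MODEL_ID (and, if needed, ID_VENDOR_ID) is the value to compare against the udevadm monitor output, because a key reporting a different id will simply never match and the screen will stay unlocked with no error. ENV{ID_VENDOR}=="Yubico" repeats what ENV{ID_VENDOR_ID}=="1050" already checks and can be dropped to leave one less property that can fail to match. Next to "This will lock all sessions", it is worth spelling out that loginctl lock-sessions acts on every session on the machine, not only the session of the user who pulled the key, which matters on multi-user hosts. The last sentence is also missing its final period.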