Unlock Computer With Yubikey
I can use pam-u2f to unlock my computer with a Yubikey that I keep on my belt.
- name: pam-u2f and configurator is installed
  dnf:
    name:
      - pam-u2f
      - pamu2fcfg
    state: installed
  tags:
    - security
    - pam
    - yubikey
pamu2fcfg is used to register the key on each host. I invoke it as

    pamu2fcfg > ~/.config/Yubico/u2f_keys &

because my hostname doesn't change based on anything like DHCP. With that file in place, pam can be instructed to load pam_u2f and treat a success state from it as sufficient to unlock the system:
- name: install pam configuration
  lineinfile:
    insertbefore: "auth.*sufficient.*pam_unix.so"
    path: /etc/pam.d/system-auth
    state: present
    line: "auth sufficient pam_u2f.so cue"
    regexp: "auth sufficient pam_u2f.so.*"
  tags:
    - security
    - pam
    - yubikey
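
A check that the resulting auth stack has the shape the task above sets up: pam_u2f.so marked sufficient, carrying cue, and placed ahead of pam_unix.so. This is an added example, not part of the original page; the sample file contents are constructed and the function names are hypothetical.

```python
import re

# Constructed sample of /etc/pam.d/system-auth after the task above has run
# (illustrative contents, not taken from the page).
SAMPLE_SYSTEM_AUTH = """\
#%PAM-1.0
auth        required      pam_env.so
auth sufficient pam_u2f.so cue
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so
"""

AUTH_LINE = re.compile(r"-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")


def auth_stack(pam_text):
    """Return [(control, module, args)] for the auth lines, in file order."""
    stack = []
    for raw in pam_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        match = AUTH_LINE.match(line)
        if match:
            control, module, args = match.groups()
            # Modules may be given by full path; compare on the file name.
            stack.append((control, module.rsplit("/", 1)[-1], args.split()))
    return stack


def check_u2f_unlock(pam_text):
    """List ways the auth stack differs from what the task sets up."""
    stack = auth_stack(pam_text)
    modules = [module for _, module, _ in stack]
    if "pam_u2f.so" not in modules:
        return ["pam_u2f.so is not in the auth stack"]
    u2f = modules.index("pam_u2f.so")
    control, _, args = stack[u2f]
    problems = []
    if control != "sufficient":
        problems.append(f"pam_u2f.so control is {control!r}, not 'sufficient'")
    if "cue" not in args:
        problems.append("'cue' is missing, so no touch prompt is shown")
    if "pam_unix.so" in modules and modules.index("pam_unix.so") < u2f:
        problems.append("pam_unix.so is evaluated before pam_u2f.so")
    return problems


if __name__ == "__main__":
    print(check_u2f_unlock(SAMPLE_SYSTEM_AUTH) or "auth stack matches the task")
```

On a real host, pass the text of /etc/pam.d/system-auth to check_u2f_unlock after the playbook runs; an empty list means the key is consulted first and a successful touch ends authentication.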