nemolize/20672cd570444dcb3db4311f3a12b012
Last active December 4, 2024 07:25
This setting enables Linux login with your U2F device. The file location is `/etc/pam.d/system-auth`.
```
#%PAM-1.0
auth required pam_faillock.so preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
# The following 2 lines let you log in with either the password or the YubiKey
# (each is sufficient on its own).
# Thanks: https://cromwell-intl.com/cybersecurity/yubikey/pam_u2f.html
# Note: a successful "sufficient" module ends the auth stack immediately, so the
# lines after it are not run during authentication on that path.
auth sufficient pam_unix.so try_first_pass nullok
auth sufficient pam_u2f.so cue
#auth [success=2 default=ignore] pam_unix.so try_first_pass nullok
#-auth [success=1 default=ignore] pam_systemd_home.so
auth [default=die] pam_faillock.so authfail
auth optional pam_permit.so
auth required pam_env.so
auth required pam_faillock.so authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.
-account [success=1 default=ignore] pam_systemd_home.so
account required pam_unix.so
account optional pam_permit.so
account required pam_time.so
-password [success=1 default=ignore] pam_systemd_home.so
password required pam_unix.so try_first_pass nullok shadow sha512
password optional pam_permit.so
session required pam_limits.so
session required pam_unix.so
session optional pam_permit.so
```
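How the active auth lines above are evaluated, as an added example (not part of the gist and not libpam code): a simplified Python model of the control flags this stack uses, run over constructed module outcomes. It assumes `pam_faillock.so preauth` fails for a locked account; `parse`, `authenticate` and `CASES` are names made up for the illustration.

```python
# Simplified model of how libpam walks an auth stack (added example, not libpam code).
# STACK is the active auth section of the file above.
STACK = """\
auth required      pam_faillock.so preauth
auth sufficient    pam_unix.so try_first_pass nullok
auth sufficient    pam_u2f.so cue
auth [default=die] pam_faillock.so authfail
auth optional      pam_permit.so
auth required      pam_env.so
auth required      pam_faillock.so authsucc
"""

def parse(text):
    """Return (control, "module args") pairs; only single-token controls are handled."""
    rows = (line.split() for line in text.splitlines())
    return [(p[1], " ".join(p[2:])) for p in rows if len(p) >= 3 and p[0].lstrip("-") == "auth"]

def authenticate(results, stack=STACK):
    """results maps a module-line prefix to True (success) or False (failure);
    unlisted modules succeed. Returns (granted, module_lines_called)."""
    failed, ok, called = False, False, []
    for control, name in parse(stack):
        called.append(name)
        success = next((v for k, v in results.items() if name.startswith(k)), True)
        if control == "[default=die]":
            return False, called          # every return value fails and ends the stack
        if success and control == "sufficient":
            if not failed:
                return True, called       # ends the stack: later lines never run
        elif success:
            ok = True                     # required / requisite / optional succeeded
        elif control == "requisite":
            return False, called
        elif control == "required":
            failed = True                 # remembered; the stack keeps running
    return ok and not failed, called

# Constructed scenarios (hypothetical module outcomes, not captured from a real login).
CASES = {
    "password ok": {"pam_unix.so": True, "pam_u2f.so": False},
    "key only": {"pam_unix.so": False, "pam_u2f.so": True},
    "both fail": {"pam_unix.so": False, "pam_u2f.so": False},
    "locked": {"pam_faillock.so preauth": False, "pam_unix.so": True},
}

if __name__ == "__main__":
    for label, results in CASES.items():
        granted, called = authenticate(results)
        print(f"{label:12} granted={granted} last={called[-1]}")
```

In every scenario the walk ends at or before `pam_faillock.so authfail`, so in this model `pam_env.so` and `pam_faillock.so authsucc` are not reached during authentication. A correct password also returns before `pam_u2f.so` is called, which is why the key acts as an alternative to the password here and not as a second factor.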
You have to generate a key file with your YubiKey.
refs: https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F