yubikey setup

source/resources/apps/yubikey/README.md

@@ -2,7 +2,7 @@ sudo yubikey-personalization-gui
 Use:
 - HMAC-SHA1
 - Configuration slot 1
-- Require user input (button press)
+- Require user input (button press, optional)
 - Yubikey unprotected (keep it that way)
 - Click <Generate>
 Set it to use challenge response (no password):
@@ -12,5 +12,15 @@ mkdir ~/.yubico
 ykpamcfg -1 -v
 mv .yubico/ /home/forksand/
 chown -R forksand:forksand /home/forksand/.yubico/
+
+# Install:
+apt install libpam-yubico
+
 vim /etc/pam.d/common-auth
+# Set pam config to just have these lines:
+auth    required        pam_yubico.so mode=challenge-response
+auth    [success=1 default=ignore]      pam_unix.so nullok_secure try_first_pass
+auth    requisite                       pam_deny.so
+auth    required                        pam_permit.so
+auth    optional                        pam_cap.so