|
|
|
@ -2,7 +2,7 @@ sudo yubikey-personalization-gui
|
|
|
|
Use:
|
|
|
|
Use:
|
|
|
|
- HMAC-SHA1
|
|
|
|
- HMAC-SHA1
|
|
|
|
- Configuration slot 1
|
|
|
|
- Configuration slot 1
|
|
|
|
- Require user input (button press)
|
|
|
|
- Require user input (button press, optional)
|
|
|
|
- Yubikey unprotected (keep it that way)
|
|
|
|
- Yubikey unprotected (keep it that way)
|
|
|
|
- Click <Generate>
|
|
|
|
- Click <Generate>
|
|
|
|
Set it to use challenge response (no password):
|
|
|
|
Set it to use challenge response (no password):
|
|
|
|
@ -12,5 +12,15 @@ mkdir ~/.yubico
|
|
|
|
ykpamcfg -1 -v
|
|
|
|
ykpamcfg -1 -v
|
|
|
|
mv .yubico/ /home/forksand/
|
|
|
|
mv .yubico/ /home/forksand/
|
|
|
|
chown -R forksand:forksand /home/forksand/.yubico/
|
|
|
|
chown -R forksand:forksand /home/forksand/.yubico/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Install:
|
|
|
|
|
|
|
|
apt install libpam-yubico
|
|
|
|
|
|
|
|
|
|
|
|
vim /etc/pam.d/common-auth
|
|
|
|
vim /etc/pam.d/common-auth
|
|
|
|
|
|
|
|
# Set pam config to just have these lines:
|
|
|
|
|
|
|
|
auth required pam_yubico.so mode=challenge-response
|
|
|
|
|
|
|
|
auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
|
|
|
|
|
|
|
|
auth requisite pam_deny.so
|
|
|
|
|
|
|
|
auth required pam_permit.so
|
|
|
|
|
|
|
|
auth optional pam_cap.so
|
|
|
|
|
|
|
|
|
|
|
|
|
Jeff Moe
6 years ago