summaryrefslogtreecommitdiff
path: root/src/SW/yubikey-auth/document.en.rest.txt
diff options
context:
space:
mode:
Diffstat (limited to 'src/SW/yubikey-auth/document.en.rest.txt')
-rw-r--r--src/SW/yubikey-auth/document.en.rest.txt42
1 files changed, 42 insertions, 0 deletions
diff --git a/src/SW/yubikey-auth/document.en.rest.txt b/src/SW/yubikey-auth/document.en.rest.txt
new file mode 100644
index 0000000..f26b026
--- /dev/null
+++ b/src/SW/yubikey-auth/document.en.rest.txt
@@ -0,0 +1,42 @@
+==================================================
+Using a Yubikey to authenticate to a Gentoo system
+==================================================
+:CreationDate: 2015-11-29 13:30:11
+:Id: SW/yubikey-auth
+:tags: - software
+ - configs
+
+Very rough:
+
+* add `my overlay`_
+
+* un-keyword the needed packages, for example by writing this to
+ ``/etc/portage/package.accept_keywords/yubikey``::
+
+ app-crypt/libu2f-host
+ app-crypt/libu2f-server
+ sys-auth/pam_u2f
+
+* install |pam_u2f|_
+
+* add at the top of ``/etc/pam.d/system-login``::
+
+ auth required pam_u2f.so
+
+* run::
+
+ mkdir -p ~/config/Yubico
+ pamu2fcfg -uusername -opam://$(hostname) -ipam://$(hostname) \
+ >> ~/config/Yubico/u2f_keys
+
+* Done. See the |pam_u2f|_ documentation for further details.
+
+.. note::
+
+ By declaring that |pam_u2f| is "``required``", you're saying that
+ the Yubikey is necessary *in addition to your password*. If you
+ want to just use the Yubikey, write ``sufficient`` instead.
+
+.. _`my overlay`: https://www.thenautilus.net/cgit/gentoo-overlay/
+.. _`pam_u2f`: https://developers.yubico.com/pam-u2f/
+.. |pam_u2f| replace:: ``pam_u2f``
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 02:39:08 +0000