From be4a6668a4516097dffbb69ae0a0e2f2a3d13f8a Mon Sep 17 00:00:00 2001 From: dakkar Date: Sun, 29 Nov 2015 13:49:23 +0000 Subject: docs about yubikey --- src/SW/yubikey-auth/.gitignore | 2 ++ src/SW/yubikey-auth/document.en.rest.txt | 42 ++++++++++++++++++++++++++++++++ src/SW/yubikey-auth/document.it.rest.txt | 42 ++++++++++++++++++++++++++++++++ src/SW/yubikey-auth/du2html.xsl | 1 + 4 files changed, 87 insertions(+) create mode 100644 src/SW/yubikey-auth/.gitignore create mode 100644 src/SW/yubikey-auth/document.en.rest.txt create mode 100644 src/SW/yubikey-auth/document.it.rest.txt create mode 120000 src/SW/yubikey-auth/du2html.xsl diff --git a/src/SW/yubikey-auth/.gitignore b/src/SW/yubikey-auth/.gitignore new file mode 100644 index 0000000..08d33d4 --- /dev/null +++ b/src/SW/yubikey-auth/.gitignore @@ -0,0 +1,2 @@ +/document.en.du.xml +/document.it.du.xml diff --git a/src/SW/yubikey-auth/document.en.rest.txt b/src/SW/yubikey-auth/document.en.rest.txt new file mode 100644 index 0000000..f26b026 --- /dev/null +++ b/src/SW/yubikey-auth/document.en.rest.txt @@ -0,0 +1,42 @@ +================================================== +Using a Yubikey to authenticate to a Gentoo system +================================================== +:CreationDate: 2015-11-29 13:30:11 +:Id: SW/yubikey-auth +:tags: - software + - configs + +Very rough: + +* add `my overlay`_ + +* un-keyword the needed packages, for example by writing this to + ``/etc/portage/package.accept_keywords/yubikey``:: + + app-crypt/libu2f-host + app-crypt/libu2f-server + sys-auth/pam_u2f + +* install |pam_u2f|_ + +* add at the top of ``/etc/pam.d/system-login``:: + + auth required pam_u2f.so + +* run:: + + mkdir -p ~/config/Yubico + pamu2fcfg -uusername -opam://$(hostname) -ipam://$(hostname) \ + >> ~/config/Yubico/u2f_keys + +* Done. See the |pam_u2f|_ documentation for further details. + +.. note:: + + By declaring that |pam_u2f| is "``required``", you're saying that + the Yubikey is necessary *in addition to your password*. If you + want to just use the Yubikey, write ``sufficient`` instead. + +.. _`my overlay`: https://www.thenautilus.net/cgit/gentoo-overlay/ +.. _`pam_u2f`: https://developers.yubico.com/pam-u2f/ +.. |pam_u2f| replace:: ``pam_u2f`` diff --git a/src/SW/yubikey-auth/document.it.rest.txt b/src/SW/yubikey-auth/document.it.rest.txt new file mode 100644 index 0000000..af1e083 --- /dev/null +++ b/src/SW/yubikey-auth/document.it.rest.txt @@ -0,0 +1,42 @@ +============================================================ +Come usare una Yubikey per autenticarsi in un sistema Gentoo +============================================================ +:CreationDate: 2015-11-29 13:30:11 +:Id: SW/yubikey-auth +:tags: - software + - configs + +Versione molto rapida: + +* aggiungete `la mia overlay`_ + +* abilitate i pacchetti che servono, ad esempio scrivendo queste righe + in ``/etc/portage/package.accept_keywords/yubikey``:: + + app-crypt/libu2f-host + app-crypt/libu2f-server + sys-auth/pam_u2f + +* installate |pam_u2f|_ + +* aggiungete questa riga all'inizio di ``/etc/pam.d/system-login``:: + + auth required pam_u2f.so + +* eseguite:: + + mkdir -p ~/config/Yubico + pamu2fcfg -uusername -opam://$(hostname) -ipam://$(hostname) \ + >> ~/config/Yubico/u2f_keys + +* Fatto. Leggete la documentazione di |pam_u2f|_ per i dettagli. + +.. note:: + + Dichiarando che |pam_u2f| è "``required``", stiamo dicendo che la + Yubikey è necessaria *in aggiunta alla password*. Se volete usare + la Yubikey da sola, scrivete invece ``sufficient``. + +.. _`la mia overlay`: https://www.thenautilus.net/cgit/gentoo-overlay/ +.. _`pam_u2f`: https://developers.yubico.com/pam-u2f/ +.. |pam_u2f| replace:: ``pam_u2f`` diff --git a/src/SW/yubikey-auth/du2html.xsl b/src/SW/yubikey-auth/du2html.xsl new file mode 120000 index 0000000..e2487e0 --- /dev/null +++ b/src/SW/yubikey-auth/du2html.xsl @@ -0,0 +1 @@ +../../../templates/du2html.xsl \ No newline at end of file -- cgit v1.2.3