Open main menu

Linux and Unix Users Group at Virginia Teck Wiki β

Changes

Yubikey

236 bytes added, 17:29, 17 May 2017
PGP Keys
The test is needed because the script is run whenever the yubikey is polled for challenge-response authentication (because this causes it to change modes from USB HID to serial and back again), and we only want to lock the screen when the key is actually removed. Note that if you have yubikey auth enabled in /etc/pam.d/su, it must come after <code>auth sufficient pam_rootok.so</code>.
* Put your script to lock the screen in /usr/local/bin/lock. You must set DISPLAY=:0 to have the screen locker work correctly if you're not using a daemonized locker such as xscreensaver or gnome-screensaver.
 
== PGP Keys ==
 
It is best to see [https://wiki.archlinux.org/index.php/Yubikey#Enabling_OpenPGP_smartcard_mode this section] in the arch wiki for details; with configuration, it is possible to use your PGP keyring as an ssh key, too.
== U2F (Universal Second Factor) with Duo [[gp:2FA|2FA]] (Yubikey NEO and 4 only) ==
Anonymous user