diff options
author | Ben Sima <ben@bsima.me> | 2022-01-31 16:45:55 -0500 |
---|---|---|
committer | Ben Sima <ben@bsima.me> | 2022-01-31 16:45:55 -0500 |
commit | e18ad25efd2768e597aaa9f94071ed47cb65803f (patch) | |
tree | 49acc2974cdfde65d35328563134ce12cb0369b3 /profiles/beryllium.nix | |
parent | a3be270668ae5780f3ef0437b088870ebbf8e011 (diff) |
yubikey login on helium
This allows me to login and sudo with *either* a password or my yubikey.
I also had to setup my yubikey with the instructions here:
https://nixos.wiki/wiki/Yubikey#Logging-in
Basically use ykman and ykpamcfg to generate a challenge-response setup
on slot 2 of my yubikey. The pam config compares the key response with
the ~/.yubico/challenge-* file in order to authenticate. I think pam
uses the ~/.yubico/authorized_keys file to know to which yubikey to send
the challenge, but I'm not sure on that one.
Diffstat (limited to 'profiles/beryllium.nix')
0 files changed, 0 insertions, 0 deletions