|
This allows me to login and sudo with *either* a password or my yubikey.
I also had to setup my yubikey with the instructions here:
https://nixos.wiki/wiki/Yubikey#Logging-in
Basically use ykman and ykpamcfg to generate a challenge-response setup
on slot 2 of my yubikey. The pam config compares the key response with
the ~/.yubico/challenge-* file in order to authenticate. I think pam
uses the ~/.yubico/authorized_keys file to know to which yubikey to send
the challenge, but I'm not sure on that one.
|
