Comments (8)
how have you installed the module? We don't provide Fedora packages so you might want to check with the maintainer of the package if he/she has a preferred location.
As far as I know authconfig
is a Fedora/Red Hat specific tool.
from pam-u2f.
hi alessio
im sorry i wasnt clear. module works.. but im not sure about the right way
to enable it on fedora.
authconfig auto-generates these files and my u2f settings will be
overwritten.
can you help please
On Nov 22, 2016 2:46 PM, "Alessio Di Mauro" [email protected]
wrote:
how have you installed the module? We don't provide Fedora packages so you
might want to check with the maintainer of the package if he/she has a
preferred location.
As far as I know authconfig is a Fedora/Red Hat specific tool.—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#46 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AAEsUwOrmdoNx6HvWuvGJPKHlQubz2vVks5rArL1gaJpZM4K5KfA
.
from pam-u2f.
I'm not sure what you mean with "these files".
For pam-u2f to work you need:
- a configuration file for the authentication service, the location of this is system-specific (usually something like
/etc/pam.d/
) - an authfile for the mapping between users and devices, this is generated with
pamu2fcfg
and it's location is discussed in theREADME
file
I doubt that your OS is even aware of the existence of the second file. The first you should be able to handle with whatever tool the OS provides you.
from pam-u2f.
hi alessio
all files in pam.d are "automatically generated" by authconfig.
thats the issue.
if i add u2f configuration to the pam.d files.. it works, but it will get
overwritten the next time authconfig runs and i will lose my edits.
On Nov 22, 2016 3:11 PM, "Alessio Di Mauro" [email protected]
wrote:
I'm not sure what you mean with "these files".
For pam-u2f to work you need:
- a configuration file for the authentication service, the location of
this is system-specific (usually something like /etc/pam.d/)- an authfile for the mapping between users and devices, this is
generated with pamu2fcfg and it's location is discussed in the README
fileI doubt that your OS is even aware of the existence of the second file.
The first you should be able to handle with whatever tool the OS provides
you.—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#46 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AAEsUzBRGAPuaTUI6ENhzofDDPJ-C9-mks5rArjTgaJpZM4K5KfA
.
from pam-u2f.
Looking at the authconfig man page, would this help you?
/etc/pam.d/system-auth-ac
Contains the actual PAM configuration for system services and is the default target of the /etc/pam.d/system-auth symlink. If a local configuration of PAM is created (and symlinked from system-auth file) this file can be included there.
from pam-u2f.
this is the contents of the system-auth-ac file
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
notice the
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run
from pam-u2f.
Yes, but this is not what I'm talking about. Read the man page.
You can substitute system-auth
or system-auth-ac
with a symlink and have them point to your local configuratoin
from pam-u2f.
@a-dma He did read the manpage, and you're still incorrect over four years later (and that includes authselect
, the replacement for authconfig
). With luck somebody else has already documented this properly, as Yubico sure hasn't.
from pam-u2f.
Related Issues (20)
- Found 0 device(s) for user XXXX HOT 1
- Entries order in u2f_keys + feature request HOT 4
- libfido2 debug output is written to stderr HOT 1
- install on peppermint os HOT 1
- Pamu2f doesn't fallback to PIN when blocking the Yubikey by touching it wrong more than 3 times HOT 2
- pamu2fcfg arbitrarily decides whether to ask for PIN or not. HOT 4
- Question: is it possible to Skip u2f login without unplugging the FIDO device? HOT 5
- Can only authenticate when using PIN verification HOT 4
- Idea: use hmac-secret to hook into the keyrings and open them (like when using pw) HOT 3
- Mooltipass Mini BLE: FIDO_ERR_INVALID_ARGUMENT HOT 12
- libpam-u2f and ubuntu 22.04 error: yubico ubuntu login segmentation fault (core dumped) HOT 1
- More descriptive error messages HOT 8
- Nitrokey U2F doesn't work together with Nitrokey 3A/C HOT 6
- Having U2F key inserted on startup breaks GNOME password login until restart HOT 1
- pam-u2f saying that my token doesn't have a pin even so a pin is set. HOT 2
- [RFE] Allow comments in authorization mapping file
- Log keyhandle on auth attempt HOT 2
- Relaxed auth file parsing
- GDM login takes two minutes for U2F cue to appear on device after password entry HOT 18
- Timestamp debug logs HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pam-u2f.