as I didn't get an answer maybe this forum is more appropriate.
I tried it here https://unix.stackexchange.com/question ... key-yubiko
My question is:
I experimented on a Surface Go, that's why it is an Ubuntu 19.04 system, a bit and took a look here: https://schulz.dk/2019/08/23/using-solo ... nux-login/ and here: https://wiki.gnome.org/Projects/GnomeKe ... figuration
After this created a file named common-fido-auth and included it in
Code: Alles auswählen
/etc/pam.d/sudo
Code: Alles auswählen
/etc/pam.d/gdm-password
Code: Alles auswählen
#%PAM-1.0
session required pam_env.so readenv=1 user_readenv=0
session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
@include common-fido-auth #instead of @include common-auth
@include common-account
@include common-session-noninteractive
Code: Alles auswählen
auth include common-fido # I tried auth substack common-fido which didn't work due to the brackets in common-fido
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so
Code: Alles auswählen
common-fido
Code: Alles auswählen
auth [success=done default=ignore] pam_u2f.so # this is not aquivalent to sufficient
auth [success=1 default=ignore] pam_unix.so nullok_secure # this one as well does not match required
Has someone any ideas how to automatically unlock the gnome keyring with pam_u2f.so?