Gnome Keyring doesn't get unlocked with Solokeys (Yubiko)

[twinkybot]

Hello,

as I didn't get an answer maybe this forum is more appropriate.
I tried it here https://unix.stackexchange.com/question ... key-yubiko

My question is:
I experimented on a Surface Go, that's why it is an Ubuntu 19.04 system, a bit and took a look here: https://schulz.dk/2019/08/23/using-solo ... nux-login/ and here: https://wiki.gnome.org/Projects/GnomeKe ... figuration

After this created a file named common-fido-auth and included it in

Code: Alles auswählen

/etc/pam.d/sudo

and

Code: Alles auswählen

 /etc/pam.d/gdm-password

The last one looks like this

Code: Alles auswählen

#%PAM-1.0
session required pam_env.so readenv=1 user_readenv=0
session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
@include common-fido-auth #instead of @include common-auth
@include common-account
@include common-session-noninteractive

I assumed that common-auth has modules which unlocks the gnome keyring and copied some lines from common-auth

Code: Alles auswählen

auth include common-fido  # I tried auth substack common-fido which didn't work due to the brackets in common-fido
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so

Where as

Code: Alles auswählen

common-fido

looks like

Code: Alles auswählen

auth    [success=done default=ignore]   pam_u2f.so				# this is not aquivalent to sufficient
auth    [success=1 default=ignore]        pam_unix.so nullok_secure	# this one as well does not match required

As mentioned aboive substack does not work with the common-fido file if I use the [values] instead of sufficient and required. But I don'T know PAM that much so I do not know if I can replace the values with the keywords.

Has someone any ideas how to automatically unlock the gnome keyring with pam_u2f.so?