[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: security key for login
|
From: |
Fredrik Salomonsson |
|
Subject: |
Re: security key for login |
|
Date: |
Sat, 04 Jan 2025 20:41:30 +0000 |
Hi,
BP25 <bp25@riseup.net> writes:
> Does anyone know how to use a security key with Guix for login
> (unlocking the screensaver and waking up from suspend)?
I'm using a security key to unlock the screensaver. I still need to
press the power button to wake up the machine and hit enter to trigger
the key.
My setup is sway and swaylock for the screensaver. To get it working
with my key I first needed to disable the PAM rules for swaylock [0].
Then added my own PAM rules for it [1] — which just specifies that
authenticating with the key is sufficient. And that works ok. Only
downside is that unlocking with only the password is slow. It will
still prompt you to press the key and you would need to wait until that
times out to unlock the screensaver. However If you don't have the key
plugged in, unlocking with a password works as normal.
> And if yes, which key would it be?
I'm using a yubikey 5 NFC. But I would think any security key that
supports the FIDO U2F protocol should work. As I'm using the pam-u2f
module for this.
> Would it work when the dm is exwm? The section 3.4 Using security
> keys doesn't provide these info...
I'm far from an expert when it comes to authentication and PAM. But if I
understand things correctly as long as your screensaver is using PAM to
authenticate then pam-u2f should work. Setting things up would be
similar to what I did with swaylock.
This email thread about Guix PAM service, might also be of help to you [2].
[0]
https://git.sr.ht/~plattfot/plt/tree/58ecdc9a285261b1d974b9d3ace95337fc841c5e/item/plt/system/machines.scm#L178
[1]
https://git.sr.ht/~plattfot/plt/tree/58ecdc9a285261b1d974b9d3ace95337fc841c5e/item/plt/system/u2f.scm
[2] https://lists.gnu.org/archive/html/help-guix/2024-08/msg00028.html
--
s/Fred[re]+i[ck]+/Fredrik/g