[udev] FIDO u2f security keys should be supported out of the box
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
systemd (Ubuntu) |
Fix Released
|
Undecided
|
Martin Pitt | ||
Trusty |
Confirmed
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
* Users plugin U2F key and it does not work in Google Chrome
[Test Case]
* Have stock ubuntu install, without custom U2F rules or libu2f-host0 installed
* Use U2F factor authentication website e.g. google apps, github, yubico, etc.
* Pluging in the key, should just work and complete U2F authentication instead of timing out
[Regression Potential]
* Should not conflict with libu2f-host0 udev rules which is where these are currently shipped
FIDO u2f is an emerging standard for public-private cryptography based 2nd factor authentication, which improves on OTP by mitigating phishing, man-in-the-middle attacks and reply attacks.
Google Chrome supports u2f devices which are now widely available from Yubico (new premium neo Yubikeys and Security keys).
However, udev rules are required to setup permissions to allow the web-browsers which are running as regular users to access the devices in question.
E.g.:
KERNEL=="hidraw*", SUBSYSTEM=
Something like that should be enabled by default, however probably not encode on the vendor/productid as other vendors will also make u2f devices.
summary: |
- FIDO u2f security keys should be supported out of the box + [udev] FIDO u2f security keys should be supported out of the box |
Changed in systemd (Ubuntu Vivid): | |
status: | Incomplete → Confirmed |
no longer affects: | systemd (Ubuntu Utopic) |
no longer affects: | systemd (Ubuntu Vivid) |
Changed in systemd (Ubuntu Xenial): | |
status: | New → In Progress |
description: | updated |
tags: | added: id-5a096cad0b33afe7dc38a9c1 |
Also see http:// lists.freedeskt op.org/ archives/ systemd- devel/2014- October/ 024605. html