2024-04-13 17:14:39 |
Jaromir Obr |
description |
I own a YubiKey 5 Nano.
In Ubuntu 23.10 I had configured login to GNOME using the YubiKey, so that when I started the OS with the YubiKey inserted and clicked on my username on the login screen, I was prompted to touch the YubiKey, and when I did, the login succeeded.
But after I upgraded to Ubuntu 24.04 beta, the login screen prompts me only for a password and no "touch" method is offered anymore.
Note that YubiKey auth works well, e.g. for "sudo":
---
$ sudo apt update
Please touch the device.
...
This is my GDM policy configuration
/etc/pam.d/gdm-password
-----------------------
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_succeed_if.so user != root quiet_success
@include common-u2f
@include common-auth
auth optional pam_gnome_keyring.so
@include common-account
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without this it is possible
# that a module could execute code in the wrong domain.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
# pam_selinux.so changes the SELinux context of the used TTY and configures
# SELinux in order to transition to the user context with the next execve()
# call.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_limits.so
session required pam_env.so readenv=1
session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale
@include common-session
session optional pam_gnome_keyring.so auto_start
@include common-password
/etc/pam.d/common-u2f
---------------------
auth sufficient pam_u2f.so authfile=/etc/u2f_mappings cue
Used SW and HW:
---------------
* HW: laptop Yoga Slim 7 14ARE05
* SW:
  * Ubuntu 24.04
  * kernel 6.8.0-22-generic
  * gdm3 46.0-2ubuntu1, I'm using default Wayland session
  * libpam-yubico 2.26-1.1build2 |
|
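Added example, not part of the original report: a small Python helper that expands the `@include` lines of the `gdm-password` file shown above into the effective `auth` stack and reports how `pam_u2f.so` takes part in it. With `sufficient`, a successful touch ends authentication before the password module runs, and a failure falls through to it. The `common-auth` content and the names `FILES`, `flatten` and `u2f_role` are assumptions made for this illustration.

```python
import re

# Constructed sample: the gdm-password auth lines and common-u2f are copied from
# the report above; common-auth is an assumed minimal stand-in, not from the report.
FILES = {
    "gdm-password": """#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_succeed_if.so user != root quiet_success
@include common-u2f
@include common-auth
auth optional pam_gnome_keyring.so
session required pam_loginuid.so
""",
    "common-u2f": "auth sufficient pam_u2f.so authfile=/etc/u2f_mappings cue\n",
    "common-auth": "auth [success=1 default=ignore] pam_unix.so nullok\n"
                   "auth requisite pam_deny.so\nauth required pam_permit.so\n",
}
# type, control (keyword or [bracketed] form), module, remaining arguments
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
ROLES = {"sufficient": "alternative", "required": "mandatory", "requisite": "mandatory"}

def flatten(service, files, kind="auth", seen=()):
    """Return the effective [(control, module, args)] list for one PAM type."""
    if service in seen:                      # guard against include loops
        raise ValueError(f"include loop at {service}")
    stack = []
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("@include"):      # Debian/Ubuntu style include
            stack += flatten(line.split()[1], files, kind, seen + (service,))
            continue
        m = RULE.match(line)
        if not m or m.group(1) != kind:      # skip other types (session, ...)
            continue
        control, module, args = m.group(2), m.group(3), m.group(4)
        if control in ("include", "substack"):
            stack += flatten(module, files, kind, seen + (service,))
        else:
            stack.append((control, module, args))
    return stack

def u2f_role(stack):
    """Classify how pam_u2f.so takes part in the flattened auth stack."""
    for control, module, _ in stack:
        if module.endswith("pam_u2f.so"):
            return ROLES.get(control, "custom")
    return "absent"
```

To check a live system, build the dictionary from the files under `/etc/pam.d/` instead of the embedded sample.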