After some pam configs, I can use the USB keys to authenticate login and doas instead of a password.
#u2f #pam #fido #fido2 #NetBSD
=> More information about this toot | More toots from release_candidate@bsd.cafe
Of course, anyone with the key in their hands is root if my laptop drive is already decrypted.
Something that may not look too secure. I have to think a bit more if this is the setup I really want.
It's just like "anyone can be the driver if they found the bike keys"
=> More information about this toot | More toots from release_candidate@bsd.cafe
@release_candidate Shut down your encrypted device on USB removal 😅
=> More information about this toot | More toots from ricardo@bsd.cafe
@release_candidate It could be done with the smartcard part of a YubiKey instead of U2F, which then lets you require that the device be unlocked with a passphrase before the touches will work.
edit: this IMO is kinda why u2f sucks and I don't use it
=> More information about this toot | More toots from feld@friedcheese.us