3

I'm testing out Fedora (27) for the first time, trying to get my YubiKey 4 working for local authentication.

In Ubuntu I could configure /etc/pam.d/common-auth to use libpam-yubico as described here. In Fedora however common-auth isn't there, I'm guessing it has another equivalent. According to this outdated wiki article I should be using /etc/pam.d/login, but neither using the method described (with tokens) or an adapted challenge-response works.

I think the problem is that the changes aren't getting updated. I've tried running authconfig --update (in Ubuntu it was pam-auth-update), but it doesn't seem to have any effect.

Index
  • 181
  • 7
  • try `sudo dnf search yubi` to see what packages might be available. – meuh Feb 19 '18 at 15:33
  • I don't think I'm missing any packages. I believe I've found all packages required (the same I've used for my Ubuntu setup). – Index Feb 19 '18 at 16:41

1 Answers1

4

For anyone else stumbling into this (setting up YubiKey with Fedora).

The correct equivalent is /etc/pam.d/sudo. The lib distributed by Yubi works just fine as described in the outdated article. Do note that you don't have to run the config tool distributed with the package, nor do you need to update pam as in Ubuntu.

Index
  • 181
  • 7
  • That will, of course, only configure the Yubikey for the `sudo` command. If that's what you want, cool. Otherwise, are you sure you weren't looking for `/etc/pam.d/system-auth`? – mattdm Feb 20 '18 at 22:05
  • Yes, for this use case that's what I was after (requiring 2FA for sudo). I haven't had a look at `system-auth` yet, not sure what's applicable for it. It was my understanding that if I wanted 2FA for loging it would be under `login`? – Index Feb 22 '18 at 10:01