alejandro-angulo/dotfiles
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Configured login with yubikey

Browse source
This commit is contained in:
Alejandro Angulo 2022-09-21 22:57:48 -07:00
parent 4aafa57e5a
commit ee956f735e
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
system/carbon/configuration.nix
View file

@ -109,6 +109,10 @@
wireguard-tools wireguard-tools
prusa-slicer prusa-slicer
yubikey-manager
yubikey-agent
yubico-pam
]; ];
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
@ -161,6 +165,19 @@
pulse.enable = true; pulse.enable = true;
}; };
services.pcscd.enable = true;
security.pam.yubico = {
enable = true;
#debug = true;
mode = "challenge-response";
# Uncomment below for 2FA
#control = "required";
};
# To set up, need to run (might need to run as root)
# ykman otp chalresp --touch --generate 2
# ykpamcfg -2 -v
# Open ports in the firewall. # Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];