-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathconfigureFIDO2Authentication
More file actions
executable file
·39 lines (32 loc) · 1.41 KB
/
configureFIDO2Authentication
File metadata and controls
executable file
·39 lines (32 loc) · 1.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/usr/bin/env bash
sudo touch /etc/u2f_mappings
sudo chmod 600 /etc/u2f_mappings
pamu2fcfg --pin-verification --username="${USER}" | tee /etc/u2f_mappings
for i in /etc/pam.d/login /etc/pam.d/sudo; do
echo '
#%PAM-1.0 [0/165]
auth sufficient pam_u2f.so authfile=/etc/u2f_mappings cue pinverification=always
auth required pam_unix.so
account include system-auth
password include system-auth
session optional pam_keyinit.so revoke
session required pam_limits.so
session include system-auth
' | sudo tee "${i}"
done
echo '
auth sufficient pam_u2f.so authfile=/etc/u2f_mappings cue pinverification=always
auth include postlogin
account required pam_nologin.so
account include password-auth
password substack password-auth
-password optional pam_gnome_keyring.so use_authtok
session required pam_selinux.so close
session required pam_loginuid.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session include password-auth
session optional pam_gnome_keyring.so auto_start
session include postlogin
' | sudo tee /etc/pam.d/gdm