Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add one-factor-authentication (non-interactive) (#65)
Adds one-factor-authentication without the need for the user to enter the challenge passphrase. The presence of the correct yubikey is sufficient.

* changes to yubikey luks scripts, added readme and config relevant to the challenge password being included when one-factor authentication is used

Co-authored-by: XOMBO <support@xombo.com>
Showing 3 changed files with 52 additions and 13 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,29 @@ | ||
# If you change this file, you need to run | ||
# update-initramfs -u | ||
WELCOME_TEXT="Please insert yubikey and press enter or enter a valid passphrase" | ||
# Set to "1" if you want both your password and Yubikey response be bundled together and writtent to key slot. | ||
|
||
# Set to the prompt that appears when the LUKS password is needed to decrypt | ||
# the volume protected with a Yubikey | ||
WELCOME_TEXT="Please insert Yubikey and press enter or enter a valid passphrase" | ||
|
||
# Set to "1" if you want both your password and Yubikey response be bundled | ||
# together and written to the key slot | ||
CONCATENATE=0 | ||
|
||
# Set to "1" if you want to hash your password with sha256. | ||
HASH=0 | ||
|
||
# Set which Slot to use (1 or 2), defaults to 2 | ||
YUBIKEY_LUKS_SLOT=2 | ||
|
||
# Set this to "1" if you want to use Yubikey with suspend (default to 0) | ||
SUSPEND=0 | ||
|
||
# Set this to a previously-enrolled challenge password if you want to use 1FA | ||
# (one-factor authentication), which checks for the paired Yubikey's presence. | ||
# This will suppress the interactive prompt for the password during boot time. | ||
# If the Yubikey is not presetnt at boot time, then the password prompt | ||
# is displayed and will unlock if one of the LUKS slots is using that as | ||
# a normal password. This is weaker than 2-factor authentication, but allows | ||
# for an unattended boot so long as the Yubikey is present. | ||
# Leave this empty (or unset), if you want to do 2FA -- i.e. being asked for the password during boot time. | ||
# YUBIKEY_CHALLENGE="password" |
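Review bot: The comment block above `# YUBIKEY_CHALLENGE="password"` at the end of the hunk does not say that the challenge password is kept in cleartext in this file. The header notes the file is consumed by `update-initramfs -u`, so a second cleartext copy lands in the initramfs, which commonly sits on an unencrypted boot partition. That matters most for the fallback the comment itself describes: if the same value is also enrolled as a normal passphrase in a LUKS slot, anyone who can read either copy can unlock the volume without the Yubikey. Please have the comment state this, recommend a value used only as the Yubikey challenge and never enrolled as a plain passphrase, and recommend restricting read access to the file. It would also help to document whether this setting is meant to be combined with `CONCATENATE=1` or `HASH=1`, since the block is silent on both. Minor: "presetnt" should be "present", and the "Leave this empty (or unset)" line should be wrapped like the comment lines above it.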