Hi Cristian, On 26.11.22 at 14:28 Cristian Rodríguez wrote:
On Wed, Nov 23, 2022 at 4:54 AM Johannes Kastl <kastl@b1-systems.de> wrote:
I am using pam_u2f to unlock my Plasma/KDE lock screen using a U2F device (the predecessor of FIDO).
This is one of those things.. that require a lot of additional work to be ready for primetime, I personally believe FIDO2 stuff needs to be a first-level, working by default authentication protocol for future distributions.. Windows hello already has it. maybe we need systemd-hellod :-)
I agree that it would be nice if this would be better known, as it really a nice feature. Especially as FIDO/U2F are also a nice 2nd factor for lots of websites already.
The first thing is one official pam upstream module, reviewed by pam developers, as I am not really convinced this pam_u2f module is very well tested or accounts for all corner cases.. then all the scary GUI stuff :-)
I cannot say anything regarding the quality of the code both in pam_u2f or the plasma lockscreen integration. In my case it seems like it is just a minor thing, as the "unlock" routine seems to be called once for each monitor. Kind Regards, Johannes -- Johannes Kastl Linux Consultant & Trainer Tel.: +49 (0) 151 2372 5802 Mail: kastl@b1-systems.de B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg http://www.b1-systems.de GF: Ralph Dehner Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537