Re: [opensuse-support] 2FA for crypted disk

On Tue, 22 Jan 2019 10:01:30 +0100 Wolfgang Rosenauer wrote:

Am 22.01.19 um 09:55 schrieb Andrei Borzenkov:

...

On Tue, Jan 22, 2019 at 11:07 AM Wolfgang Rosenauer wrote:

...

...

2) Show a link to the howto you found.

https://github.com/cornelinux/yubikey-luks

It relies on support for keyscript in /etc/crypttab, keyscript is unsupported by systemd, openSUSE is using systemd so it will not work. You will need to implement something to configure your device outside of standard framework.

hmm, does not sound promising. I didn't expect to touch undiscovered country trying to use a Yubikey to unlock a crypto partition on openSUSE :-( I cannot be the first one?

Wolfgang

This doesn't answer your question, but might have some useful hints. https://forum.yubico.com/viewtopic2f91.html?f=23&t=1143&p=4295&hilit=linux+login+logon#p4295 It's instructions on using a Yubikey + password for logging in rather than unlocking encrypted partitions. Read the whole post, especially the screenshots by yubidoobydoo at the end. On openSUSE you need to install pam_yubico rather than libpam-yubico. -- Bob