Mailinglist Archive: opensuse-support (220 mails)

< Previous Next >
Re: [opensuse-support] 2FA for crypted disk
On Tue, 22 Jan 2019 10:01:30 +0100
Wolfgang Rosenauer <wolfgang@xxxxxxxxxxxxx> wrote:

Am 22.01.19 um 09:55 schrieb Andrei Borzenkov:
On Tue, Jan 22, 2019 at 11:07 AM Wolfgang Rosenauer
<wolfgang@xxxxxxxxxxxxx> wrote:

2) Show a link to the howto you found.

https://github.com/cornelinux/yubikey-luks

It relies on support for keyscript in /etc/crypttab, keyscript is
unsupported by systemd, openSUSE is using systemd so it will not
work. You will need to implement something to configure your device
outside of standard framework.

hmm, does not sound promising.
I didn't expect to touch undiscovered country trying to use a Yubikey
to unlock a crypto partition on openSUSE :-(
I cannot be the first one?


Wolfgang

This doesn't answer your question, but might have some useful hints.

https://forum.yubico.com/viewtopic2f91.html?f=23&t=1143&p=4295&hilit=linux+login+logon#p4295

It's instructions on using a Yubikey + password for logging in rather
than unlocking encrypted partitions. Read the whole post, especially the
screenshots by yubidoobydoo at the end. On openSUSE you need to install
pam_yubico rather than libpam-yubico.

--
Bob
< Previous Next >
Follow Ups