Monday, December 12, 2022

Linux autologin + Sudo with yubikey

Authentication is done by PAM (Pluggable Authentication Modules).
Passwords are stored in /etc/shadow

passwordless login with yubikey on linux

HMAC-SHA1 Challenge-Response is specific to the YubiKey.

yubico-pam is YubiKey-specific and relies on its specific features;
pam-u2f is generic and works with any key supporting U2F and/or FIDO2.

auth required pam_u2f.so cue interactive

Set up offline authentication with the YubiKey using Challenge-Response, so you don't have to type a password, just touch the key.

Install the yubico pam package
# install challenge to slot 1
# generate challenge file for slot 1
ykpamcfg -1 -v
man ykpamcfg

/etc/pam.d/common-auth
#[success=1 new_authtok_reqd=ok ignore=ignore default=die]
auth required   pam_echo.so "Touch the key"
auth  sufficient      pam_yubico.so mode=challenge-response authfile=/home/user/.yubico/challenge-xxxx
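
What the challenge-response mode configured above does on each login, as an added example (a simplified model, not pam_yubico's own code or file format). SoftKey, enroll, authenticate and the state layout are hypothetical names; the key is simulated in software with a constructed secret.

```python
import hashlib
import hmac
import os

class SoftKey:
    """Stand-in for the YubiKey slot: holds the HMAC secret and never exports it."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        # HMAC-SHA1 over the challenge, as the key computes it when touched.
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()

def _hash_response(response: bytes, salt: bytes, iterations: int) -> bytes:
    # The host keeps only a salted, stretched hash of the expected response.
    return hashlib.pbkdf2_hmac("sha1", response, salt, iterations)

def enroll(key, iterations: int = 10000) -> dict:
    """Build the host-side state: a random challenge plus the hashed expected response."""
    challenge, salt = os.urandom(32), os.urandom(32)
    return {"challenge": challenge, "salt": salt, "iterations": iterations,
            "expected": _hash_response(key.respond(challenge), salt, iterations)}

def authenticate(key, state: dict) -> bool:
    """Verify the key against the stored state and rotate the challenge on success."""
    got = _hash_response(key.respond(state["challenge"]),
                         state["salt"], state["iterations"])
    if not hmac.compare_digest(got, state["expected"]):
        return False  # wrong key: the stored state is left untouched
    # A fresh challenge means a response captured today is useless next login.
    state.update(enroll(key, state["iterations"]))
    return True

if __name__ == "__main__":
    key = SoftKey(os.urandom(20))  # constructed secret for the simulated key
    state = enroll(key)
    print("enrolled key accepted:", authenticate(key, state))
    print("different key accepted:", authenticate(SoftKey(os.urandom(20)), state))
```

In this model the state file holds no secret, but it must stay writable by the login process and protected from tampering, since it decides which response is accepted.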

Install xscreensaver if you want to lock the screen

Autologin with desktop/login manager

autologin with lightdm:
/etc/lightdm/lightdm.conf -- uncomment the lines
autologin-user = sorin
autologin-user-timeout = 0
*Note: if you cannot log in as the user but you can as root, check whether you ran out of disk space (df -h).

Autologin with systemd directly

agetty is called by /bin/init, and agetty in turn calls /bin/login

/etc/systemd/system/getty.target.wants/getty@tty1.service
add -a my_username

ExecStart=-/sbin/agetty -a username - $TERM
remove the login options -o '-p -- \\u'

To start X11 with xfce
~/.bash_profile
if [ -z "${DISPLAY}" ] && [ "$(tty)" = /dev/tty1 ]; then
  startxfce4
fi