SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Can I do anything on Slackware with a YubiKey (e.g., login, authenticate SSH sessions, use the YubiKey for sudo or su, etc.)? In other words: Does Slackware support any sort of two-step authentication or one-time password (OTP) authentication?
I use YubiKeys for two factor authentication on web services (instead of using Google Authenticator or text messages on a phone) and with PasswordSafe, but for actual login authentication it requires PAM. You can install/configure PAM if you want, but it isn't supported by default on Slackware. For actually setting up a YubiKey (for any use) you will need libyubikey, ykpers and yubikey-personalization-gui. I wrote some SlackBuilds for some older versions but I haven't updated them in a while -- I may update and submit them to SBo at some point in the future but in the meantime let me know if you want them as a starting point. I haven't played with PAM to get actual login/ssh/etc. authentication working on Slackware myself. The hardest part of that would be getting PAM working -- there are simple enough instructions for getting YubiKey authentication working, but since PAM is included with basically every other distro in the world they are only half the solution on Slackware.
It should be noted that ykpers includes udev rules that will not work with Slackware's udev-182 (unless newer versions added an extra udev rule). This one does, at least in 14.0 (but I am no udev expert so it perhaps isn't as elegant as it should be):
Code:
# Udev rules for letting the console user access the Yubikey USB
# device node, needed for challenge/response to work correctly.
ACTION=="add|change", SUBSYSTEM=="usb", \
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111", \
MODE="0660", GROUP="yubikey"
It would require your user to be a member of a yubikey group (which you would have to create) to use challenge-response mode.
For actually setting up a YubiKey (for any use) you will need libyubikey, ykpers and yubikey-personalization-gui.
Yes, I built some packages for that back in June 2013, so I know about the YubiKey tools. I'm just not too familiar with two-factor or OTP authentication methods on Linux or, specifically, Slackware.
What about KWallet? How could I use a YubiKey to unlock a KWallet wallet so I don't have to enter a password every time it prompts me to unlock a wallet?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.