安装

# 安装依赖
yay -S libfido2
yay -S pam-u2f

# 插入fido key 并生成key 文件

pamu2fcfg > ~/.config/fido/fido.key
# 需要触摸一下fido key

# 编辑文件
/etc/pam.d/system-local-login

# 加入一行

auth sufficient pam_u2f.so authfile=/home/c/.config/fido/fido.key cue

# 如果需要sudo也可以用fido认证,则在/etc/pam.d/sudo中也加入上面那一行即可

❯ cat sudo
#%PAM-1.0
auth sufficient pam_u2f.so authfile=/home/c/.config/fido/fido.key cue
auth        include        system-auth
account        include        system-auth
session        include        system-auth

参考资料

https://wiki.archlinux.org/title/Universal_2nd_Factor
https://old.reddit.com/r/Fedora/comments/akck9m/authenticating_with_gdm_and_sudo_with_a_u2f/

标签: none