1

So i've setup passwordless thru FIDO2 by adding

auth sufficient pam_u2f.so authfile=/home/me/.config/FIDO2/u2f_keys

having followed the instructions on the yubico page to generate the u2f_keys code

It's working great as an additional factor of authentication but I'd like it to be the only one (ie, we are going passwordless) or at least the primary form of authentication. Right now logging in and sudo'ing results in it asking for a password and then asking to tap the key.

Dan D
  • 11

1 Answers1

0

I guess you are referring to this guide from yubico. The guide says:

Add the line below after the “@include common-auth” line.

auth required pam_u2f.so

So if you still have the line @include common-authin your pam file you will get these rules, too. Check the rules inside this file or remove the line completely (attention, you might lock yourself out)

Janning
  • 1,967