Hello,
I made a bug report at kde.org with this:
https://bugs.kde.org/show_bug.cgi?id=481143
Please read the report.
I managed to get it to run with lightdm to log in with fido2, but with kscreenlocker it didn't work.
Did I do it wrong?
Last edited by Chris2000SP (2024-02-15 18:24:34)
I have found the issue. I had 2 keys in the key file. That didn't work. I solved it by putting 2 lines in the pam.d file with "sufficient" and "required" and two different key files. With this it works with two different Fido2 sticks.
EDIT: And Kscreenlocker had no bug. That was my own fault.
Cheers
Last edited by Chris2000SP (2024-02-15 18:29:38)
If 2 keys are in a single line (with matching user entry) as described in the pam_u2f docs, it works to have only one key file. But only if the key file is configured per user (e.g. with authfile=./.u2f_key). Then openasuser is the default mode! And this works in /etc/pam.d/kde:
auth sufficient pam_u2f.so authfile=./.u2f_key
I haven't tried the system-wide configuration with a world-readable keys mapping file, but if the system-wide key file is set up in the normal way (only root access) without any extra options, then this fails:
auth sufficient pam_u2f.so authfile=/etc/u2f_mappings
It may not work, because the screen locker does not have sufficient rights to access a root-only readable file.
This was found by trial and error. At least I didn't find it in the Arch Wiki or somewhere else.
Well, 2 keys, in a single line, as described in pam_u2f docs, in a system-wide configuration file, and referenced in one line in /etc/pam.d/kde is what works on my system in order to unlock the screen lock by touching the key. With either key, they're treated the same.
The only difference I see to the second scenario described above in #3 is that my mappings file is not restricted to root access, as I have 644 permissions on it.
Edit: I just tried and changed perms to 640. Doesn't work then. So, it is down to the file being world-readable for this to work.
Last edited by libertepourmoi (2024-04-20 18:24:20)
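Added example, not part of any post in this thread and not pam_u2f's own code: a Python check for the two failure modes reported above, a user's keys split across several lines of the mappings file and a file mode the screen locker cannot read. It also flags a group- or world-writable file, since anyone who can write it can enroll their own key. The function names and the KH*/PK* sample values are constructed for illustration.

```python
import os
import stat
import tempfile
from collections import Counter

def audit_authfile(path):
    """Return findings for a pam_u2f mappings file (user:cred[:cred...] per line)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if not mode & stat.S_IROTH:
        # Thread observation: the locker could not use a 640 file, 644 worked.
        findings.append(f"mode {mode:03o}: not world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"mode {mode:03o}: writable by group/other")
    lines_per_user = Counter()
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line:
                continue
            user, _, rest = line.partition(":")
            lines_per_user[user] += 1
            creds = [c for c in rest.split(":") if c]
            # Each credential is "keyhandle,pubkey[,type,options]".
            if not creds or any(len(c.split(",")) < 2 for c in creds):
                findings.append(f"line {lineno}: malformed credential for {user!r}")
    for user, n in lines_per_user.items():
        if n > 1:
            findings.append(f"{user!r} is on {n} lines; put all keys on one line")
    return findings

def write_sample(text, mode):
    """Write constructed sample content to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".u2f_mappings")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

# Constructed sample data; KH*/PK* stand in for real key handles and public keys.
SPLIT = "alice:KH1,PK1,es256,+presence\nalice:KH2,PK2,es256,+presence\n"
MERGED = "alice:KH1,PK1,es256,+presence:KH2,PK2,es256,+presence\n"

if __name__ == "__main__":
    for text, mode in ((SPLIT, 0o640), (MERGED, 0o644)):
        path = write_sample(text, mode)
        print(oct(mode), audit_authfile(path) or "ok")
        os.remove(path)
```

The check reads mode bits only, so it reports the same result whether it is run as root or as the user.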