If you are wondering how you can login with a Yubikey into your system with SDDM, here are the steps:
Step 1: Install yubico-pam from [community].
Step 2: Edit the file
/etc/yubikeys and insert text in the following format:
<username>:<yubikey_token_id> # eg luca:cclcclcclccl
Step 3: Edit the file
/etc/pam.d/system-auth that it looks like the following. Note, that by editing this file you allow these users you specified in Step 2 to login nearly everywhere in your system with the yubikey.
#%PAM-1.0 auth sufficient pam_yubico.so debug id=1 authfile=/etc/yubikeys auth required pam_unix.so try_first_pass nullok # and more lines
Step 4: Now you should be able to use your Yubikey to login into your session, unlock the lockscreen and even use it for
If you don’t want global Yubikey authentication, you can also not add the line in step 3 into the
system-auth file but into the
sddm file in the
/etc/pam.d/ directory. But also note, that you won’t be able to use your Yubikey to unlock the lockscreen, just to login!
I hope this was helpful. If you have any questions, don’t hesitate to ask in the comments. You can also take a look at the Fedora wiki article about Yubikey authentication, which is much better than the Arch wiki at the moment.comments powered by Disqus