[Feature Request] Option to login with Fido2
Please provide an option to avoid setting up passwords and instead support the use of fido2 hmac-secret extension for local user login.
Additionally, this could be combined with #1285 to provide home encryption with fido2 hmac-secret as well.
I like the idea :) Will have to read up on how that is done.
> I like the idea :) Will have to read up on how that is done.
I'm not sure if it is possible to do it in a way that would be compatible with every login manager, but generally you'd configure a PAM module for this sort of thing
https://wiki.archlinux.org/title/Universal_2nd_Factor#Installing_the_PAM_module
> I like the idea :) Will have to read up on how that is done.
> I'm not sure if it is possible to do it in a way that would be compatible with every login manager, but generally you'd configure a PAM module for this sort of thing
Systemd-homed has implemented this in some way already. Though I would very much prefer to have a general solution for this outside of systemd. In any case, there are probably some helpful hints about the pam integration in their repo.
> https://wiki.archlinux.org/title/Universal_2nd_Factor#Installing_the_PAM_module
Please note that u2f as provided by pam-u2f is not the same as fido2 hmac secret. Only the latter can be used as a shared secret to provide additional options for encryption.
I'm actually interested in checking out systemd-homed anyway for other reasons, especially portable installs or net-booted machines like PXE and stuff.