Docs/quick-docs
2
0
Fork 0
Code Issues 48 Pull requests 1 Projects Releases Packages Wiki Activity Actions

FIDO2 potential to brick #819

New issue
Open
opened 2025-03-06 13:35:41 +00:00 by lokan · 0 comments
lokan commented 2025-03-06 13:35:41 +00:00
Copy link

When following the instructions for adding a Yubikey with u2f authentication, the instructions could perhaps be a bit clearer or expanded. Because before adding a line to a PAM module, you need to also either:
run: sudo authselect select sssd with-pam-u2f
or really make sure the line you add is below system-auth.

I did both the second time around so I can't verify which one fixes it, but if you don't properly do this but set it in: /etc/pam.d/sudo, your machine is now "bricked" because you can't authenticate as root anymore.

Fairly easily fixable if you plug a live cd usb in, but still.
Would be nice if anyone knows which of the above mentioned causes the issue and maybe we could add either like a CAUTION: line or the additional install line.

When following the instructions for adding a Yubikey with u2f authentication, the instructions could perhaps be a bit clearer or expanded. Because before adding a line to a PAM module, you need to also either: run: sudo authselect select sssd with-pam-u2f or really make sure the line you add is below system-auth. I did both the second time around so I can't verify which one fixes it, but if you don't properly do this but set it in: /etc/pam.d/sudo, your machine is now "bricked" because you can't authenticate as root anymore. Fairly easily fixable if you plug a live cd usb in, but still. Would be nice if anyone knows which of the above mentioned causes the issue and maybe we could add either like a CAUTION: line or the additional install line.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels   
bug

Something isn't working

  
Closed As
complete
Closed with the reason of complete

  
Closed As
duplicate
Closed with the reason of duplicate

  
Closed As
insufficient data
Closed with the reason of insufficient data

  
Closed As
moved
Closed with the reason of moved

  
Closed As
not possible
Closed with the reason of not possible

  
Closed As
out of scope
Closed with the reason of out of scope

  
Closed As
stale
Closed with the reason of stale

  
good first issue

Good for newcomers (if you want to get involved, try working on one of these!)

  
help wanted

Anyone is welcome to help us with this!

  
improvement

Improves on something that already exists

  
needs changes

Needs changes or fixes before closing

  
needs committer review

Needs review by a person with committer privileges or a subject-matter expert (SME)

  
needs info

Extra attention or information needed

  
new change

Adds new capabilities or functionality

  
Priority
awaiting triage
Priority of awaiting triage

  
Priority
needs review
Priority of needs review

  
Priority
next meeting
Priority of next meeting

  
Priority
waiting on assignee
Priority of waiting on assignee

  
Priority
waiting on external
Priority of waiting on external

No labels
bug
Closed As
complete
Closed As
duplicate
Closed As
insufficient data
Closed As
moved
Closed As
not possible
Closed As
out of scope
Closed As
stale
good first issue
help wanted
improvement
needs changes
needs committer review
needs info
new change
Priority
awaiting triage
Priority
needs review
Priority
next meeting
Priority
waiting on assignee
Priority
waiting on external
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Docs/quick-docs#819
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?