Usage of usb gnuk token
NIIBE Yutaka
gniibe at fsij.org
Mon Nov 12 07:27:15 CET 2018
akktor <akktor at net-c.ca> wrote:
> Hi. I have ubuntu 18.04. I have fst-01. I want to use it with login and
> sudo command.
>
> What should I do?
I maintain Poldi in Debian, which offers PAM module with OpenPGP card /
Gnuk Token. Attached is my patch to configure lightdm for Poldi, for
your reference. No, I don't use that other than testing Poldi. It's
for your reference only. I use etc-keeper for files under /etc, and the
patch is to show what kinds of files you need to provide. It's for my
key and my login. You need to change login name and key informtion.
For detail, please read Poldi documentation.
After just putting "RETURN" for the prompt of lightdm, you enter PIN for
your token and then, you can login by token's singing data and
computer's verification of the signature. Here, PIN input is required,
because it's OpenPGP card.
Please note that Poldi is expelimental software, which is not well
designed and implemented, in my opinion.
I think that the use case of Gnuk Token for OpenPGP signing/decryption
is quite different to the use case for local machine login / sudo using
cryptographic key.
And... from the viewpoint of device access by OS to an application, the
use case for login and the use case of sudo is also different.
In my opinion, while I'd somehow understand the demand to use a single
"security device" for all such usages, it's not good idea to mix things.
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: etc-changes-poldi-lightdm.patch
Type: text/x-diff
Size: 2110 bytes
Desc: etc-changes-poldi-lightdm.patch
URL: <https://lists.gnupg.org/pipermail/gnuk-users/attachments/20181112/59725092/attachment.patch>
More information about the Gnuk-users
mailing list