Hi, BP25 <b...@riseup.net> writes:
> Does anyone know how to use a security key with Guix for login > (unlocking the screensaver and waking up from suspend)? I'm using a security key to unlock the screensaver. I still need to press the power button to wake up the machine and hit enter to trigger the key. My setup is sway and swaylock for the screensaver. To get it working with my key I first needed to disable the PAM rules for swaylock [0]. Then added my own PAM rules for it [1] — which just specifies that authenticating with the key is sufficient. And that works ok. Only downside is that unlocking with only the password is slow. It will still prompt you to press the key and you would need to wait until that times out to unlock the screensaver. However If you don't have the key plugged in, unlocking with a password works as normal. > And if yes, which key would it be? I'm using a yubikey 5 NFC. But I would think any security key that supports the FIDO U2F protocol should work. As I'm using the pam-u2f module for this. > Would it work when the dm is exwm? The section 3.4 Using security > keys doesn't provide these info... I'm far from an expert when it comes to authentication and PAM. But if I understand things correctly as long as your screensaver is using PAM to authenticate then pam-u2f should work. Setting things up would be similar to what I did with swaylock. This email thread about Guix PAM service, might also be of help to you [2]. [0] https://git.sr.ht/~plattfot/plt/tree/58ecdc9a285261b1d974b9d3ace95337fc841c5e/item/plt/system/machines.scm#L178 [1] https://git.sr.ht/~plattfot/plt/tree/58ecdc9a285261b1d974b9d3ace95337fc841c5e/item/plt/system/u2f.scm [2] https://lists.gnu.org/archive/html/help-guix/2024-08/msg00028.html -- s/Fred[re]+i[ck]+/Fredrik/g
