On Tue, May 5, 2020 at 1:19 AM Andy Pieters <syst...@andypieters.me.uk> wrote:
> > > On Mon, 4 May 2020 at 23:11, Mantas Mikulėnas <graw...@gmail.com> wrote: > >> >> >> So this is basically for implementing sudo-like caching for 2FA? >> >> > Yes that's exactly it. > > >> What authentication methods are involved here? >> > > Using yubikey + password when 2F is active, using hostkey when not > > >> Seems like there are better ways than a service file that permanently >> modifies /etc/group in the first place... Like a PAM module that literally >> touches a timestamp file. >> >>> OK that sounds promising. I had thought of systemd angle first and am > not that familiar with pam > I found https://linux.die.net/man/8/pam_timestamp is that what you meant? > That kind of module is exactly what I meant, yes. I would guess you can use it something like this: auth requisite pam_unix auth [success=1 default=ignore] pam_timestamp auth requisite pam_yubikey -- Mantas Mikulėnas
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
