I was inspired by a related mail to send out this doas auth diff again. Hopefully my phone won't ruin the formatting.
. . . . . Add a type to auth_userokay() to allow for giving a specific authentication method for doas in login.conf, e.g. staff:\ ... :auth-doas=yubikey:\ :auth=passwd:\ :tc=default: OK? /Alexander Index: doas.c =================================================================== RCS file: /cvs/src/usr.bin/doas/doas.c,v retrieving revision 1.14 diff -u -p -r1.14 doas.c --- doas.c 20 Jul 2015 01:04:37 -0000 1.14 +++ doas.c 21 Jul 2015 07:43:53 -0000 @@ -341,7 +341,7 @@ main(int argc, char **argv, char **envp) } if (!(rule->options & NOPASS)) { - if (!auth_userokay(myname, NULL, NULL, NULL)) { + if (!auth_userokay(myname, NULL, "auth-doas", NULL)) { syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed password for %s", myname); fail();