Use one of many second factors authentication on PAM

To: Debian User <debian-user@lists.debian.org>
Subject: Use one of many second factors authentication on PAM
From: André Rodier <andre@rodier.me>
Date: Sun, 14 Nov 2021 17:57:53 +0000
Message-id: <[🔎] 7ef413d8-a72e-90d4-2ee3-c1b9fbdd3209@rodier.me>

Hello all,

I have been able to configure pam on Linux, to add two factorsauthentication for session, sudo, etc...

First, I tried Google authenticator and a code from my phone, and it isworking like a charm.

Then, I commented out the google-authenticator entry, and tried a U2Fkey. Again, this is working very well, and the light blink after I typethe password.

Same for a Yubikey, working like a charm, and I even have a clue messageon GDM "Please touch your device".


Now, I would like to achieve the following:

- Having my password as the first authentication, of course mandatory.
- Then, being able to use one of my second authentication device.

This is basically what we have on Google, for instance.

Any idea ?

Thanks for your answers.

𝓐𝓡 - André Rodier.

Reply to:

Follow-Ups:
- Re: Use one of many second factors authentication on PAM
  - From: Celejar <celejar@gmail.com>

Prev by Date: Re: preseeding Bullseye
Next by Date: Re: why Debian?
Previous by thread: Re: Re: obsolete content in 'Debian NEW and BYHAND Packages'?
Next by thread: Re: Use one of many second factors authentication on PAM
Index(es):
- Date
- Thread