Yubikey authentication
Deployment
libtool
Patch per user: https://git.alt.tf/snippets/3
After each login the per user file is owned by
root:root
.
/etc/pam.d/common-auth
auth [success=3 default=ignore] pam_unix.so nullok_secure auth [success=2 default=ignore] pam_ldap.so use_first_pass auth [success=1 default=ignore] pam_hotp.so peruser usersfile=.hotp window=10 digits=8 use_first_pass auth requisite pam_deny.so auth required pam_permit.so