Cannot login with Nitrokey and pam_u2f.so

I am trying to configure a passwordless graphical login with a Nitrokey 3. I followed these instructions

(https://docs.nitrokey.com/nitrokeys/features/u2f/desktop-login)

as far as they were applicable, i.e. I installed nitrokey rules (device is recognized and working for KeepassXC and as a second factor for websites like this one), installed libpam-u2f and created a key in

/etc/Nitrokey/u2f_keys

I use Manjaro with KDE Plasma and ssdm as the login manager. So I thought I would add the line

auth            sufficient      pam_u2f.so authfile=/etc/Nitrokey/u2f_keys cue [cue_prompt=Please touch the device.] prompt nouserok

to /etc/pam.d/sddm. This had an effect, just not the one I was hoping for.

What I expected was that I would see a prompt in ssdm to touch the device, and that I could log in by touching the nitrokey.

All I get is the usual password prompt. Touching the nitrokey has no effect. However, if I input the password and press enter, now there is a very long login delay, after which the desktop appears. However, if I touch the nitrokey during this delay, the delay is aborted and I get to the desktop instantly.

What am I doing wrong?

Hmm nevermind, it seems like this is a known problem:

https://github.com/sddm/sddm/issues/1333
1 Like

Why don’t you try the by Archlinux wiki recommended passwordless login?

2 Likes

thanks, I had not seen that page

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.