Solokey, pam.d choice = confusion

Hello all.
I’m looking for some clarity surrounding the etc/pam.d/ files i need to edit to secure my system with u2f.

I have auth required working with sudo which was an obviously named file.
I also added auth required to sddm.
But it seems i can still unlock the system (initial login requires u2f as expected) and i can still use pamac with only a password.

Does anyone know a resource for which files relate to what in etc/pam.d ?

Or should I apply the scatter gun and document my journey?

Thanks in advance.


Might want to check this SoloKey Tap USBA - FIDO2 Build Support for 5.4.95-1-lts / Kernel & Hardware / Arch Linux Forums
and this Universal 2nd Factor - ArchWiki

1 Like

Thanks Bogdan, appreciate the help.
It’s interesting that none of the guides or wikis I’ve read mention that Systemd-homed doesnt have fido2 as a default as shown the arch forum post, it’s not something that would ever occurred to me.

Interesting that 2fa does work with login, sudo/su and yet not with other things.
How would i determine if I’m not using the correct pam.d/ files or if it IS the Systemd-homed that is stopping me.

Would the fact that the user in that post is trying to use a luks / as his secret location and that is managed by Systemd-homed where as I’m only trying to set it up in ~?

Time for me to do some reading.
Thanks again for the pointer. :slight_smile: