Relevant information:

https://fedoramagazine.org/login-challenge-response-authentication/

Regards.,

Hello, @hhlp I would like to resolve this issue.

Hello, @hhlp I would like to resolve this issue.

Yes of course, @binayakbehera999

Let me know is you have any issue, any help is always Welcome...

Regards.,

@hhlp I am ready to solve this issue, however, I am new to open source and would really appreciate it if you could guide how to get started with this issue and what suggest what changes are required?

Hmm, just going through various set ups and use cases. My guess is that
https://fedoramagazine.org/login-challenge-response-authentication/ suffices (at least for my primary use case).

More advanced, to use 2fa with LUKS,
https://mutschler.eu/linux/install-guides/fedora-post-install/#yubikey-two-factor-authentication-for-luks might be helpful. Specifically the latter points to https://github.com/eworm-de/mkinitcpio-ykfde/blob/master/README-dracut.md - which looks interesting, but I have no capacity to audit this process.

Agreed on docs meeting 2022-12-28
AGREED: Regarding issue 153 we will transfer the wiki page
(https://fedoraproject.org/wiki/Using_Yubikeys_with_Fedora)

action pboy

Transferred Wiki page to QuickDocs:
https://docs.fedoraproject.org/en-US/quick-docs/using-yubikeys/

Would be helpful, if someone would proofread (not necessarily review!) it, if I missed something or introduced new typos.

@pboy There are a few typos. You can search the article with the the text below (or portions of each line below). I've put a comment in brackets beside each one. Cheers.

Yubico’s online authentication. servers. [why is there a period there]

If you want to be able to upload you key to Yubico, in order to authenticate [upload your key]

The value is in plain hex, not modhex and ''exactly'' 12 character long. [12 characters long]

USB based [? should this be hyphenated]

one time password [? should this be hyphenated]

kdm based [? should this be hyphenated]

The YubiCloud is the standard method, [? remove comma after method]

Mind that the ''debug'' part is purely so we can see some output, [ ? remove comma after output]

Next we will tell it which user is authenticated [ ? should Next have a comma]

you should flip on the allow_ypbind boolean first, because [ ? remove comma after first]

The next time you open a console (local, not ssh session) and attempt to login you [? add a comma after login]

Tap your yubikey to input an OTP and, hopefully, you will be logged in successfully [? are the commas correct]

In this section we will cover those. [? comma after section]

In the previous section we configured [? comma after section]

As a reminder, here is our line we’ve been using: [maybe "the line" ?]

In the following guide we will use the older [comma after guide ?]

we will use the older and more powerful commandline [hyphenate commandline ?]

There is a gui for this command: [should it be capitalized GUI ?]

and the gui is easy to use and self explanatory [GUI ? and hyphen in self-explanatory ?]

For this first example we are going to write a new [? comma after first example]

That way I do not [comma after That way ?]

The fixed option specifies the public ID of the Yubikey [inconsitent capitalization of yubikey, it's lowercase elsewhere in the document]

This is referred to as the 'prefix' later on, when we go uploading it [when we upload it ? when we will upload it ?]

The Yubikey has to make sure no ambiguity arises: there are many different kinds of keyboard layouts and the scancodes have to be interpreted [very long sentence, possibly talk out unecessary words]

PR #564 merged. Closing this issue now.

https://pagure.io/fedora-docs/quick-docs/pull-request/564