mirror of
https://pagure.io/fedora-docs/quick-docs.git
synced 2024-11-24 21:35:17 +00:00
pages/yubikey: remove note on setting secontext
The access to the ~/.yubico directory is done using the PAM module, not sshd directly. PAM sets the context of that directory to auth_home_t which PAM is allowed to access. No need to set the context to ssh_home_t. Apart from that using chcon is a volatile operation and not intended for persistent changes which was the intent of the note though. The label would be reset in a system recovery scenario.
This commit is contained in:
parent
93f06ff422
commit
4274f89f00
1 changed files with 0 additions and 5 deletions
|
@ -82,11 +82,6 @@ If you have SELinux on the enforcing mode (the default mode), you should flip on
|
||||||
|
|
||||||
[source, bash]
|
[source, bash]
|
||||||
[…]$ sudo setsebool -P allow_ypbind=1
|
[…]$ sudo setsebool -P allow_ypbind=1
|
||||||
|
|
||||||
Also, in order to allow sshd to access /root/.yubico/authorized_yubikeys, you should change its context:
|
|
||||||
|
|
||||||
[source, bash]
|
|
||||||
[…]$ chcon -R system_u:object_r:ssh_home_t:s0 /root/.yubico
|
|
||||||
====
|
====
|
||||||
|
|
||||||
For challenge-response use the following:
|
For challenge-response use the following:
|
||||||
|
|
Loading…
Reference in a new issue