hank-test/quick-docs
1
0
Fork 0
mirror of https://pagure.io/fedora-docs/quick-docs.git synced 2024-10-19 01:35:42 +00:00
Code Issues 1 Projects Releases Packages Wiki Activity Actions

pages/yubikey: remove note on setting secontext

Browse source 
The access to the ~/.yubico directory is done using the PAM module, not
sshd directly. PAM sets the context of that directory to auth_home_t
which PAM is allowed to access. No need to set the context to
ssh_home_t.

Apart from that using chcon is a volatile operation and not intended for
persistent changes which was the intent of the note though. The label
would be reset in a system recovery scenario.
This commit is contained in:
w4tsn 2023-02-17 20:14:38 +01:00
parent 93f06ff422
commit 4274f89f00
No known key found for this signature in database
1 changed files with 0 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
modules/ROOT/pages/using-yubikeys.adoc
View file

@ -82,11 +82,6 @@ If you have SELinux on the enforcing mode (the default mode), you should flip on
[source, bash]
[…]$ sudo setsebool -P allow_ypbind=1
Also, in order to allow sshd to access /root/.yubico/authorized_yubikeys, you should change its context:
[source, bash]
[…]$ chcon -R system_u:object_r:ssh_home_t:s0 /root/.yubico
====
For challenge-response use the following: