mirror of
https://pagure.io/fedora-docs/quick-docs.git
synced 2024-11-28 14:56:35 +00:00
pages/yubikey: remove note on setting secontext
The access to the ~/.yubico directory is done using the PAM module, not sshd directly. PAM sets the context of that directory to auth_home_t which PAM is allowed to access. No need to set the context to ssh_home_t. Apart from that using chcon is a volatile operation and not intended for persistent changes which was the intent of the note though. The label would be reset in a system recovery scenario.
This commit is contained in:
parent
93f06ff422
commit
4274f89f00
1 changed files with 0 additions and 5 deletions
|
@ -82,11 +82,6 @@ If you have SELinux on the enforcing mode (the default mode), you should flip on
|
|||
|
||||
[source, bash]
|
||||
[…]$ sudo setsebool -P allow_ypbind=1
|
||||
|
||||
Also, in order to allow sshd to access /root/.yubico/authorized_yubikeys, you should change its context:
|
||||
|
||||
[source, bash]
|
||||
[…]$ chcon -R system_u:object_r:ssh_home_t:s0 /root/.yubico
|
||||
====
|
||||
|
||||
For challenge-response use the following:
|
||||
|
|
Loading…
Reference in a new issue