Commit graph

1318 commits

Author SHA1 Message Date
w4tsn
ff8060af9f
pages/yubikey: add pam_u2f alternative
Apparently there is also pam_u2f as alternative to pam_yubico which is a
more general approach using the open FIDO2 / U2F standard. It's much
easier to setup as there are fewer possibilities and decisions to make.

This approach also supports more security keys like SoloKey v2 and
NitroKey 2/3 which could open possibility to create a dedicated security
key page for general key support in Fedora Linux.
2023-03-11 11:02:14 +01:00
w4tsn
e81caf8a5e
pages/yubikey: change yubicloud upload heading lvl
This heading belongs to the topic of writing a new AES key to Slot 1.
2023-03-11 10:03:52 +01:00
w4tsn
a8fa21279d
pages/yubikey: add a warning about resetting slot1 2023-03-11 10:03:12 +01:00
w4tsn
2099944d40
pages/yubikey: remove outdated notice
Since the last update from 2023-02-26 this Quick Doc is updated to
latest developments in used packages, YubiKey features and use in Fedora
Linux 37.
2023-03-11 09:53:56 +01:00
21f8895d16
Signed-off-by: Hanku Lee <allegrovelo@gmail.com>
README-md updated fully
2023-03-10 14:06:14 +00:00
25b25caa7f Merge #564 Review and update "Using Yubikey" page 2023-03-05 17:51:56 +00:00
9e63b8d2d4
Signed-off-by: Hanku Lee <allegrovelo@gmail.com>
image text and alt text added
2023-03-04 21:49:31 +00:00
7ac01af151
Signed-off-by: Hanku Lee <allegrovelo@gmail.com>
Image rendered and intro added
2023-03-04 00:46:10 +00:00
b84581f01d
Signed-off-by: Hanku Lee <allegrovelo@gmail.com>
image macro updated
2023-03-04 00:15:05 +00:00
e5dde980e6 Merge #566 QuickDoc issue 521 updated and images uploaded 2023-03-02 21:54:09 +00:00
w4tsn
970eb0ebb1
pages/yubikey: fix yubikey-manager gui package 2023-02-28 21:16:41 +01:00
w4tsn
099c592e5b
pages/yubikey: fix typo 2023-02-27 09:46:23 +01:00
w4tsn
b015b9954c
pages/yubikey: add warning about online auth method 2023-02-26 11:52:18 +01:00
w4tsn
dafcba9988
pages/yubikey: add note about using both auth methods 2023-02-26 11:50:50 +01:00
Francois Andrieu
ababdf39d2 remove exploded git tree repository that no longer exists 2023-02-22 20:00:37 +00:00
w4tsn
6619d128b8
pages/yubikey: fix key registration instructions
The instructions to register a key with the local account were
implicitly requiring challenge-response. Add the YubiCloud method based
instructions and also add an explicit command to configure
challenge-response in slot 2 of a key.
2023-02-20 20:31:33 +01:00
w4tsn
eae11f0488
pages/yubikey: add missing line in example 2023-02-19 12:01:00 +01:00
89ed69d141
Signed-off-by: Hanku Lee <allegrovelo@gmail.com>
QuickDoc issue 521 updated and images uploaded
2023-02-18 17:29:39 +00:00
w4tsn
90432a7376
pages/yubikey: fix several grammar issues 2023-02-18 11:00:39 +01:00
w4tsn
da454cc861
pages/yubikey: reformat flags of ykpersonalize
The man page of ykpersonalize uses a confusing format for providing
option flags. After tests although not documented in the man page it is
also possible to use an alternative format using spaces between option
flag and value. Also to note: the negative form of an option flag uses a
'-' symbol right in front of the value.

Also the slot selector -1 or -2 has to be supplied before any option
flag.
2023-02-18 10:48:26 +01:00
w4tsn
4274f89f00
pages/yubikey: remove note on setting secontext
The access to the ~/.yubico directory is done using the PAM module, not
sshd directly. PAM sets the context of that directory to auth_home_t
which PAM is allowed to access. No need to set the context to
ssh_home_t.

Apart from that using chcon is a volatile operation and not intended for
persistent changes which was the intent of the note though. The label
would be reset in a system recovery scenario.
2023-02-17 20:14:38 +01:00
Liam Coogan
83a5c07f6c Fix typo I made 2023-02-16 17:27:45 +00:00
Liam Coogan
2ba4312404 Fixing various typos and grammatical inaccuracies in the 'Getting Started' guide
See title
2023-02-15 12:55:38 +00:00
Liam Coogan
1ff1ee9ead Updating 'getting started' guide to reflect the root account being disabled by default on Fedora Workstation
This is my first commit so please correct me if there's something wrong here or feel free to change my wording, but I believe Fedora Workstation now disables the root account by default and instead adds the default user to the 'wheel' group.
2023-02-15 12:41:11 +00:00
w4tsn
93f06ff422
pages/yubikey: unify use of YubiKey spelling 2023-02-12 16:40:00 +01:00
w4tsn
a6b5d2490d
pages/yubikey: add OATH-TOTP to web auth section 2023-02-12 16:39:33 +01:00
w4tsn
05a7579f46
pages/yubikey: add section on OpenSSH client auth 2023-02-12 16:39:07 +01:00
w4tsn
b04799e7e9
pages/yubikey: add setup sections for other features 2023-02-12 16:38:28 +01:00
w4tsn
241c0afc5b
pages/yubikey: add a simple otp slot 2 example 2023-02-12 16:37:35 +01:00
w4tsn
a7c4670ec5
pages/yubikey: rework the local auth section
Changed the structure and content of the section to reflect more modern
tooling available in recent Fedora Linux distributions.

Simplified overall structure and added challenge-response configuration.

Removed the more complicated authfile option as it is an option for more
advanced use-cases but not necessary for a basic setup. More advanced
users may refer to the pam_yubico man page.

Added a warning about locking yourself out when using required
configuration.
2023-02-12 16:32:48 +01:00
w4tsn
26ca6635f0
pages/yubikey: add a section on backup keys
Due to the nature of hardware security tokens it is important to
consider backup keys right from the start, so added a section on that
topic.
2023-02-12 16:29:03 +01:00
w4tsn
d97e51eadc
pages/yubikey: update What is a YubiKey section
Added more use-cases than OTP to this section to give an overview on the
usual capabilities of modern YubiKeys like from the 5-series.
2023-02-12 16:27:35 +01:00
032d66455a #180-SwitchingDesktopEnvironment-edit-header
Header change and abstract
2023-02-11 19:40:01 +00:00
f311eb5589 #180-SwitchingDesktopEnvironment-edit-partials
updated groupinstall section
2023-02-11 19:36:26 +00:00
bd2d2f35bd Image paths corrected
Test for 1st image
2023-02-11 01:12:32 +00:00
7be1a5cc41 Reference section edit
Edited for language libraries, packages, and development toolchain
2023-02-09 22:57:58 +00:00
Michal Ambroz
853b7554a0 list apt equivalent of dnf update 2023-02-08 21:34:02 +00:00
Daiki Ueno
c93dcafa78 adding-new-certificates: Prefer to using "trust anchor" command
There are a couple of methods to install a certificate into the trust
store: using "trust anchor" or copying the file to
/etc/pki/ca-trust/source/anchors/.  The former is simpler and more
flexible as it doesn't require update-ca-trust and the installed
certificates can be removed with "trust anchor --remove".

For more context, see:
https://bugzilla.redhat.com/show_bug.cgi?id=2163554

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-02-07 09:42:07 +09:00
Daiki Ueno
43f7068c07 Fix directory locations for distrusted certificates
The directory has been renamed from .../blacklist to .../blocklist in
all supported Fedora releases.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-02-07 07:43:23 +09:00
Anthony McGlone
322b9557da Small update (on reviewed grub articles) for consistency/style guidelines 2023-01-30 12:36:20 +00:00
Anthony McGlone
0271c0015e Reviewed partial proc_adding-other-operating-systems-grub2.adoc (#522) 2023-01-27 16:06:29 +00:00
Alan Bowman
275bc3ca0a Merge branch 'main' into 111-installing-from-source_branch
Merge commit
2023-01-26 21:44:31 -05:00
6b8b7b68c3 #521-finding-installing-apps-rewritten
Metadata and images not rendered. Images to follow.
2023-01-26 19:56:37 +00:00
6bc5c63b7f #180-SwitchingDE-edit-partials
Reference to desktop environment rather than package group
2023-01-26 18:14:22 +00:00
Anthony McGlone
ecd18ec31f Update link 2023-01-26 13:40:12 +00:00
Anthony McGlone
a00ca7d52a Updated partial proc_booting-with-configfile-on-different-partition.adoc (#522) 2023-01-26 11:41:07 +00:00
a49f93a460 180-Switching-DE-revised 2023-01-26 10:08:23 +00:00
Alan Bowman
d38ebb417d Merge branch 'main' into 111-installing-from-source_branch
Merging latest changes from main
2023-01-24 18:40:35 -05:00
Zdenek Dohnal
9d31cfee5e Mention Web UI URL explicitly 2023-01-24 15:16:04 +01:00
Alan Bowman
13b10825ef Update from review
- Fix "is are" agreement
- Change build comment
2023-01-23 19:02:36 -05:00