Thanks. It makes sense to be able to select login methods under some circumstances - but do I have an option of forcing the user to log in using a predetermined set of methods (for instance, password and then a secure key, or password and Yubkey, or password and SSL key)?
On Tue, Mar 26, 2019 at 1:59 PM Todd C. Miller <todd.mil...@sudo.ws> wrote: > On Tue, 26 Mar 2019 11:11:35 -0400, Daniel Jakots wrote: > > > On Tue, 26 Mar 2019 10:01:59 -0400, Boris Epstein > > <borepst...@gmail.com> wrote: > > > > > Hello listmates, > > > > > > Let's say I have the following configured in my /etc/login.conf > > > > > > auth-defaults:auth=password,skey,yubikey > > > > > > Would that mean either password, or skey, or Yubikey, or should they > > > all be satisifed? > > > > Either. Then you can pick which is used when you run the software, for > > instance with sudo it's the -a flag. > > Also, for programs that take a username, you can usually append the > auth method after the username, separted with a colon. For example, > for ssh you can do things like: > > ssh myname:skey@somehost > > - todd >