[HN Gopher] Using Yubikey with Pam Module
       ___________________________________________________________________
        
       Using Yubikey with Pam Module
        
       Author : yahsieh
       Score  : 11 points
       Date   : 2021-10-10 19:57 UTC (3 hours ago)
        
 (HTM) web link (yahes.space)
 (TXT) w3m dump (yahes.space)
        
       | aborsy wrote:
       | If the system is LUKS encrypted, is there a benefit to 2FA PAM?
       | 
       | You can set the pam to lock the system with 3 wrong passwords. In
       | this case, even a short pin like in a bank card would be good
       | too.
       | 
       | If there is no vulnerability in OS Lock Screen, the attacker
       | needs to reset a locked system to try the 4th password, in which
       | case they fall behind LUKS.
       | 
       | If there is a vulnerability, or a direct memory access attack is
       | used (very rare in my opinion), 2FA does not make a difference
       | here.
       | 
       | So what's the use of 2FA PAM if full disk encryption, and Pam
       | rate limit, are used?
        
         | gravypod wrote:
         | 2FA would help prevent escalation of privileges in some limited
         | situations. If you had my sudo password you still wouldn't be
         | able to do anything unless I click the button of my 2fa device.
        
       ___________________________________________________________________
       (page generated 2021-10-10 23:01 UTC)