Pitch: Improving your login security with Fedora challenge-
response authentication
Summary: Setting up Fedora with HW Keys for Local Challenge-
Response Secure Logins using available repository packages
Description: The purpose of this article would be to describe what a
Challenge-Response login is, and how the reader can setup their Fedora
workstation to accept challenge-response logins for PAM in Fedora
27/28/29. The article would educate the users while performing a step
by step setup of challenge-response authentication via PAM for sudo and
GDM login. This article would promote using a local challenge-response
authentication via a HW token/key/card for securing the users Fedora
workstation.
Article flow would be as follows:
* What is Challenge-Response Security and how does it work?
* What is the difference between local and remote challenge
response?
(For remote OATH, will refer to Imacken's 27-
Jan-2017 and Fedora Wiki articles)
* Guiding principles to selecting HW security keys'
* Configuration and verification testing of HW keys
* Downloading, installing and configuring challenge-response
repository packages
* Safely testing and verifying challenge-response
authentication with sudo
* Implementing GDM Login challenge-response on Fedora
Thoughts, critiques and comments are most welcome,
--
-me
Michael Erwin
michael.t.erwin(a)gmail.com
This email is RFC 1925 compliant and composed on 99.9%
recycled electrons, so please print responsibly.