From Peter Kannewitz to ~abcdw/rde-devel
--- src/rde/features/security-token.scm | 83 +++++++++++++++++++++++++---- 1 file changed, 74 insertions(+), 9 deletions(-) diff --git a/src/rde/features/security-token.scm b/src/rde/features/security-token.scm index 94437733..ca69940a 100644 --- a/src/rde/features/security-token.scm +++ b/src/rde/features/security-token.scm @@ -1,13 +1,36 @@ (define-module (rde features security-token) #:use-module (rde features) #:use-module (gnu packages security-token) #:use-module (gnu services)[message trimmed]
From Peter Kannewitz to ~abcdw/rde-devel
On 2023-10-25 16:48, Andrew Tropin wrote: > On 2023-10-24 18:18, Peter Kannewitz wrote: > >> On 2023-10-24 18:34, Andrew Tropin wrote: >> >>> On 2023-10-24 08:41, Peter Kannewitz wrote: >>>> Hi, >>> >>> Hi Peter! >> Hi Andrew :) >>>> the feature adds an easy way to integrate u2f user authentication to >>>> rde setup and is inspired by rsauex personal config >>>> (https://github.com/rsauex/dotfiles/blob/77e405cda4277e282725108528874b6d9ebee968/rsauex/services/pam-u2f.scm).
From Peter Kannewitz to ~abcdw/rde-devel
On 2023-10-24 18:34, Andrew Tropin wrote:
> On 2023-10-24 08:41, Peter Kannewitz wrote:
>> Hi,
>
> Hi Peter!
Hi Andrew :)
>> the feature adds an easy way to integrate u2f user authentication to
>> rde setup and is inspired by rsauex personal config
>> (https://github.com/rsauex/dotfiles/blob/77e405cda4277e282725108528874b6d9ebee968/rsauex/services/pam-u2f.scm).
>> Although manual intervention is required to use it, in order to extract
>> the identifier from the security token. If the feature is approved, I can
>> add some documentation on how to use it in the manual, and also some
>> general notes on security token usage.
[message trimmed]
From Peter Kannewitz to ~abcdw/rde-devel
Hi,
the feature adds an easy way to integrate u2f user authentication to
rde setup and is inspired by rsauex personal config
(https://github.com/rsauex/dotfiles/blob/77e405cda4277e282725108528874b6d9ebee968/rsauex/services/pam-u2f.scm).
Although manual intervention is required to use it, in order to extract
the identifier from the security token. If the feature is approved, I can
add some documentation on how to use it in the manual, and also some
general notes on security token usage. I have made all arguments
optional for ease of use, this could also still be changed (don't now
what the general policy is therefore). Since the default control is
"sufficient", you won't be able to lock yourself out of your system,
even if no security-token is used.
[message trimmed]
From Peter Kannewitz to ~abcdw/rde-devel
--- src/rde/features/mail.scm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/rde/features/mail.scm b/src/rde/features/mail.scm index 17426200..931ebd82 100644 --- a/src/rde/features/mail.scm +++ b/src/rde/features/mail.scm @@ -340,6 +340,8 @@ Citation line format, message signature, gpg and msmtp configurations. " (port . 587))) (hosteurope-de . ((host . "smtp.hosteurope.de") (port . 587))) (posteo . ((host . "posteo.de") (port . 587)))[message trimmed]
From Peter Kannewitz to ~abcdw/rde-devel
--- src/rde/features/mail.scm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/rde/features/mail.scm b/src/rde/features/mail.scm index 17426200..c8d8fc94 100644 --- a/src/rde/features/mail.scm +++ b/src/rde/features/mail.scm @@ -1087,6 +1087,9 @@ control whether to NOTIFY? when new emails arrive." (define hosteurope-de-isync-settings (generate-isync-serializer "imap.hosteurope.de" hosteurope-de-folder-mapping)) (define posteo-isync-settings (generate-isync-serializer "posteo.de" gandi-folder-mapping))[message trimmed]
From Peter Kannewitz to ~abcdw/rde-discuss
> Hi Peter, Hi Andrew, > I use yubikey 5C Nano with rde. I don't remember exact steps I > performed, but I used the following very extensive guide: > https://github.com/drduh/YubiKey-Guide Thank you for the reference. I followed a similar but less extensive guide: https://docs.nitrokey.com/nitrokey3/linux/openpgp-keygen-backup. > Document all the steps during configuration and share them, please. I exactly followed the steps of the guide and got it working now. Also
From Peter Kannewitz to ~abcdw/rde-discuss
Hi, i am currently trying to setup a security token (nitrokey 3) with OpenPGP capabilities on rde system. When trying to run gpg --card-satus or gpg --edit-card it fails with output: "gpg: selecting card failed: No such device". Feature-gnupg and feature-security-token are part of my system. I already tried to restart pcscd service and to add ccid package as firmware. Has anyone tried to accomplish something similar with greater success? -- Best regards, Peter