Open ThatOneCalculator opened 6 months ago
We use PAM for authentication so if you configure totp with Yubikey you should be able to get 2fa in Cockpit. This is a duplicate of https://github.com/cockpit-project/cockpit/issues/15860
2FA/TOTP with a YubiKey isn't the same as using Webauthn with a Yubikey.
Overlooked that, but regardless implementing passkey/webauthn is a lot of work afaik there are no off the shelve solutions for this.
Modern browsers provide a built in API https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
As for the backend, webauthn data is commonly sent as a JSON Web Token (JTW), and most modern backend web frameworks have a single-line solution to verify JWTs. https://jwt.io/libraries
Since right now all it takes to get in through the web interface is a username & password, being able to enforce the use of something like a Yubikey (like I do with my ssh keys) would be great.