What do you want from PAM (`security.pam`) in NixOS?

I was at NixCon 2024 and saw many people using YubiKeys, which sparked my interest. I do have one myself, but I have never used it beyond setting 2FA on some websites.
It was cool to see that one can use it to execute the sudo command without a password or even log into a gnome-session.

But setting things up is kind of a PITA… To have a normally functioning fingerprint scanner on my Framework, I had to be lucky to stumble upon this comment on a GitHub issue, which is just stupid in a way. I tried replicating it using pure Nix, but I was not quite sure what I was doing since I have basically no knowledge about PAM.

Now I wanted to set up the YubiKey PAM modules too, and there were some conflicts I had to resolve, and it seems to work… somehow.
But I still face the issue that, when the YubiKey is plugged in while GDM is starting, I can only use my fingerprint or YubiKey, but not my password. Sure enough, why would I bother to type in my password when I can just use two other, more convenient methods? But with those two, the GNOME Keyring does not start, and at some point I need to insert my password.

Long story short: for an ordinary user, it is annoying to configure certain things, and it would be cool to have some nice defaults that work together, or examples on how to make them work together nicely.

3 Likes