pam_wtid
sekey
pam_wtid | sekey | |
---|---|---|
2 | 4 | |
57 | 2,419 | |
- | 0.0% | |
0.0 | 0.0 | |
almost 2 years ago | over 1 year ago | |
Python | Rust | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pam_wtid
-
Use TouchID to Authenticate Sudo on macOS
Does watch unlock now work natively with pam_tid? I know as of at least a few months ago it would only work if you could use touch ID, i.e. when the laptop was open. If it was docked, it would fall back to password auth.
I wrote a patcher that changed this behavior, it patched pam_tid directly on your system and just updates the API Apple calls to allow unlocking with watch-only when touch ID is unavailable:
https://github.com/inickt/pam_wtid
Was a fun reverse engineering experience and wrote up some more info in the README.
- Show HN: Patching Apple's Touch ID PAM module to add sudo watch authentication
sekey
- Use TouchID to Authenticate Sudo on macOS
-
Apple/Google/Microsoft to accelerate rollout of passwordless sign‑in standard
> relaying auth requests to your phone for approval and storing secrets in the Secure Enclave
Like https://github.com/kryptco/kr [key stored in a [...] mobile app]?
Also, newer Macs have a Secure Enclave (supports 256-bit secp256r1 ECC keys):
https://github.com/maxgoedjen/secretive [storing and managing SSH keys in the Secure Enclave [...] or a Smart Card (such as a YubiKey)]
https://github.com/sekey/sekey [Use Touch ID / Secure Enclave for SSH Authentication!]
- Use Touch ID for Sudo on Mac
-
How often should I rotate my SSH keys?
Similar to the recommendations to use a YubiKey/hardware token, SeKey on a Mac lets you use a key generated in the Secure Enclave in an unexportable form (https://github.com/sekey/sekey)
What are some alternatives?
pam-watchid - PAM plugin module that allows the Apple Watch to be used for authentication
secretive - Store SSH keys in the Secure Enclave
Qubes-scripts - Scripts that help with administration and usage of Qubes OS
WSL-Hello-sudo - Let's sudo by face recognition of Windows Hello on Windows Subsystem for Linux (WSL). It runs on both WSL 1 and WSL 2. This is a PAM module for Linux on WSL.
dotfiles.nix - My dotfiles in NIX
howdy - 🛡️ Windows Hello™ style facial authentication for Linux
openssh-sk-winhello - A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API
toucli - Use TouchID and the Secure Enclave to encrypt data from the commandline.
sudo-touchid - A fork of `sudo` with Touch ID support.
Fedora-KDE-Yubikey-U2F-2FA-Logins-Guide - Guide to setup a Yubikey for Fedora KDE as 2FA using U2F for the SDDM login screen, lock screen, sudo and su.
webauthn - Web Authentication: An API for accessing Public Key Credentials