YubiKey lock screen: Difference between revisions
From D3xt3r01.tk
m →What |
m →HOW |
||
Line 13: | Line 13: | ||
Create a /etc/udev/rules.d/85-screen-lock-toggle.rules | Create a /etc/udev/rules.d/85-screen-lock-toggle.rules | ||
<source lang="bash"> | <source lang="bash"> | ||
SUBSYSTEM=="usb", ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0010", ENV{ID_SERIAL_SHORT}==" | SUBSYSTEM=="usb", ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0010", ENV{ID_SERIAL_SHORT}=="0001121136", RUN+="/usr/local/bin/gnome-lock enable" | ||
SUBSYSTEM=="usb", ACTION=="add", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0010", RUN+="/usr/local/bin/gnome-lock disable" | |||
</source> | </source> | ||
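Review bot: the new ACTION=="add" rule drops the ENV{ID_SERIAL_SHORT} match that the remove rule keeps, so any device reporting vendor 1050 and model 0010 runs gnome-lock disable, and the mapping check inside the script becomes the only gate before an unlock. If that is intended (so that several keys can be mapped per user), say so next to the rule; otherwise match the serial here as well. Either way, these udev properties are values the USB device reports about itself, so the rule identifies a key rather than authenticating it.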
Line 31: | Line 32: | ||
user=`ps aux | grep gnome-screensaver | head -n 1 | awk '{print $1}'` | user=`ps aux | grep gnome-screensaver | head -n 1 | awk '{print $1}'` | ||
export DISPLAY=":0" | export DISPLAY=":0" | ||
if [ | if [ "$1" == "enable" ] | ||
then | then | ||
sudo -u ${user} /usr/bin/gnome-screensaver-command -l >> ${log} 2>&1 | sudo -u ${user} /usr/bin/gnome-screensaver-command -l >> ${log} 2>&1 | ||
else | |||
if [ -n ${user} -a "$(grep -c ${user}:$(ykinfo -q -s) /etc/yubikey_decmappings)" == "1" ] | |||
then | |||
sudo -u ${user} /usr/bin/gnome-screensaver-command -d >> ${log} 2>&1 | |||
fi | |||
fi | fi | ||
</source> | |||
Your /etc/yubikey_decmappings should contain user:key ( which key should be able to unlock what login if in multiple desktop environment ) | |||
==ISSUES== | |||
On an arch environment it has been said you need some other exports for this to work... | |||
<source lang="bash"> | |||
GNOME_SCREENSAVER_PROC=`ps xa | grep gnome-screensaver | head -n 1 | awk '{print $1}'` | |||
export `grep -z DBUS_SESSION_BUS_ADDRESS /proc/$GNOME_SCREENSAVER_PROC/environ` | |||
</source> | </source> |
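Review bot: in the new else branch, the test [ -n ${user} -a "$(grep -c ${user}:$(ykinfo -q -s) /etc/yubikey_decmappings)" == "1" ] unlocks on a substring match. If ykinfo prints nothing, the pattern is just "user:" and still counts one line; a shorter serial, or a user name that is the tail of another, also matches. Capture the serial first, require it to be non-empty, quote ${user}, and compare whole lines, for example grep -qxF -- "${user}:${serial}" /etc/yubikey_decmappings.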
Revision as of 10:55, 24 October 2012
What
I'm trying to make my Fedora 17 (GNOME 3) desktop lock the screen when it sees my YubiKey removed from the USB slot.
HOW
Get the serial, idVendor and idProduct of the YubiKey:
udevadm info -a -p $(udevadm info -q path -n /dev/hidraw0)
Create /etc/udev/rules.d/85-screen-lock-toggle.rules:
SUBSYSTEM=="usb", ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0010", ENV{ID_SERIAL_SHORT}=="0001121136", RUN+="/usr/local/bin/gnome-lock enable"
SUBSYSTEM=="usb", ACTION=="add", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0010", RUN+="/usr/local/bin/gnome-lock disable"
Also you should probably reload the rules:
udevadm control --reload-rules
And you should create the 2 scripts (you'll probably have to comment out the default requiretty in /etc/sudoers):
~# cat /usr/local/bin/gnome-lock
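#!/bin/bash
log="/tmp/yubi_lock_log"
echo "$(date) $(whoami) '$0' '$1'" >> "${log}"
# Owner of the running gnome-screensaver; the [g] keeps grep from matching itself
user=$(ps aux | grep '[g]nome-screensaver' | head -n 1 | awk '{print $1}')
export DISPLAY=":0"
# Nothing to lock or unlock if no screensaver process was found
[ -n "${user}" ] || exit 0
if [ "$1" == "enable" ]
then
    sudo -u "${user}" /usr/bin/gnome-screensaver-command -l >> "${log}" 2>&1
else
    # Serial of the inserted key; empty if ykinfo fails
    serial=$(ykinfo -q -s)
    # Unlock only on an exact, whole-line user:serial match
    if [ -n "${serial}" ] && grep -qxF -- "${user}:${serial}" /etc/yubikey_decmappings
    then
        sudo -u "${user}" /usr/bin/gnome-screensaver-command -d >> "${log}" 2>&1
    fi
fi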
Your /etc/yubikey_decmappings should contain user:key entries (which key should be able to unlock which login, if you are in a multiple-desktop environment).
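The user:key lookup against /etc/yubikey_decmappings, as an added example that is not part of the original page: it runs a grep -c substring check and a whole-line check side by side over a constructed mapping file. The function names, users and serials are made up for illustration, and it assumes ykinfo -q -s prints a decimal serial.

```shell
#!/bin/bash
# Added example: substring count check vs. exact-line check.
# Function names and mapping data are hypothetical / constructed.

# Substring check: counts lines that merely contain "user:serial".
legacy_match() {   # usage: legacy_match USER SERIAL MAPFILE
    [ "$(grep -c "$1:$2" "$3")" = "1" ]
}

# Stricter check: user and serial must be non-empty, the serial must be
# digits only (assumption: decimal serials), and the whole line must
# equal "user:serial" (-x), taken literally rather than as a regex (-F).
strict_match() {   # usage: strict_match USER SERIAL MAPFILE
    [ -n "$1" ] && [ -n "$2" ] || return 1
    case "$2" in *[!0-9]*) return 1 ;; esac
    grep -qxF -- "$1:$2" "$3"
}

# Build a constructed mapping file and print both verdicts per case.
demo() {
    map=$(mktemp) || return 1
    printf '%s\n' 'alice:1121136' 'bob:2233445' > "$map"
    while read -r user serial; do
        legacy_match "$user" "$serial" "$map" && l=unlock || l=deny
        strict_match "$user" "$serial" "$map" && s=unlock || s=deny
        printf '%-6s %-8s legacy=%-6s strict=%s\n' \
            "$user" "${serial:-<none>}" "$l" "$s"
    done <<'EOF'
alice 1121136
alice 112
alice
lice 1121136
bob 1121136
EOF
    rm -f "$map"
}

demo
```

Only the first case should unlock; the rows where the two columns disagree are the inputs a substring match lets through.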
ISSUES
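On an Arch environment it has been said you need some other exports for this to work:
# PID of the running gnome-screensaver; the [g] keeps grep from matching itself
GNOME_SCREENSAVER_PROC=$(ps xa | grep '[g]nome-screensaver' | head -n 1 | awk '{print $1}')
# Copy the session bus address from that process, dropping the trailing NUL
export "$(grep -z '^DBUS_SESSION_BUS_ADDRESS=' /proc/$GNOME_SCREENSAVER_PROC/environ | tr -d '\0')"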