From 9ddb16b7146db0eb8355a6eb409fc0c69bc31ae1 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@redhat.com>
Date: Fri, 16 Nov 2018 10:02:14 +0100
Subject: [PATCH] add quirks/yubico.sh

---
 quirks/yubico.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100755 quirks/yubico.sh

diff --git a/quirks/yubico.sh b/quirks/yubico.sh
new file mode 100755
index 0000000..9187a63
--- /dev/null
+++ b/quirks/yubico.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -ex
+
+#
+# Quirk to enforce login and sudo with a Yubikey
+#
+
+[[ -f "$sysroot"/etc/pam.d/sudo ]] && \
+sed -i -e 's#auth\s*include\s*system-auth#auth     required pam_yubico.so mode=challenge-response\nauth     include  system-auth#g' \
+    "$sysroot"/etc/pam.d/sudo
+
+[[ -f "$sysroot"/etc/pam.d/gdm-password ]] && \
+sed -i -e 's#auth\s*substack\s*password-auth#auth required pam_yubico.so mode=challenge-response\nauth        substack      password-auth#g' \
+    "$sysroot"/etc/pam.d/gdm-password
+
+: