Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-02-22 15:59:56 -05:00
Code Issues Packages Projects Releases Wiki Activity

migration to fido2: backward compatible policies names

Browse Source
This commit is contained in:
Piotr Bartman 2023-05-29 23:58:24 +02:00
parent 8b64b9d555
commit 3a3a39cd5f
No known key found for this signature in database
GPG Key ID: E386DC76B775C5C9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
user/security-in-qubes/ctap-proxy.md
View File

@ -111,10 +111,10 @@ If your `twitter` qube makes an authentication request for your bank website, it
To enable this, create a file in dom0 named `/etc/qubes/policy.d/30-user-ctapproxy.policy` with the following content: To enable this, create a file in dom0 named `/etc/qubes/policy.d/30-user-ctapproxy.policy` with the following content:
``` ```
policy.RegisterArgument +ctap.GetAssertion sys-usb @anyvm allow target=dom0 policy.RegisterArgument +u2f.Authenticate sys-usb @anyvm allow target=dom0
``` ```
Next, empty the contents of `/etc/qubes-rpc/policy/ctap.GetAssertion` so that it is a blank file. Next, empty the contents of `/etc/qubes-rpc/policy/u2f.Authenticate` so that it is a blank file.
Do not delete the file itself. Do not delete the file itself.
(If you do, the default file will be recreated the next time you update, so it will no longer be empty.) Finally, follow your web application's instructions to enroll your token and use it as usual. (If you do, the default file will be recreated the next time you update, so it will no longer be empty.) Finally, follow your web application's instructions to enroll your token and use it as usual.
(This enrollment process depends on the web application and is in no way specific to Qubes CTAP.) (This enrollment process depends on the web application and is in no way specific to Qubes CTAP.)