sys-auth/ykpers, the yubikey personalisation utility, in connection with sys-auth/pam_yubico can be used for local offline authentication in challenge-response mode (https://github.com/Yubico/yubico-pam/wiki/LocalAuthenticationUsingChallengeResponse). This works only for root or processes running with root privileges. My screensaver for example has no access to the device. This can be fixed by including the udev rules from the ykpers source (https://github.com/Yubico/yubikey-personalization). I simply copied them to /lib/udev/rules.d/ and now can unlock my screensaver by touching the yubikey. Reproducible: Always Steps to Reproduce: 1.activate challenge-response mode in pam_yubico 2. 3. Actual Results: ssh logins work but xscreensaver does not (fails with no access to yubikey device) Expected Results: xscreensaver should unlock
the udev rules require consolekit, and are installed with USE=consolekit.