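######################################################################################
# YubiKey-backed PAM authentication (pam_u2f + pam_yubico) for login and sudo,
# plus a udev rule that locks all sessions when the token is unplugged.
#
# NOTE(review): NixOS appears to default the PAM control for both modules to
# "sufficient" (confirm for your release). If so, presenting the token alone
# satisfies login/sudo and this is NOT a second factor on top of the password.
# Set the modules' `control` option explicitly if two-factor is the intent, and
# keep a root shell open while testing to avoid locking yourself out.

# Enable pam
security.pam.u2f = {
  enable = true;
  settings = {
    # Print a prompt and wait for the user before touching the token.
    interactive = true;
    # Show a "please touch the device" reminder during authentication.
    cue = true;
  };
};

# Explicitly opt the interactive login and sudo PAM stacks into U2F.
security.pam.services = {
  login.u2fAuth = true;
  sudo.u2fAuth = true;
};

security.pam.yubico = {
  enable = true;
  # Was `true`. Debug output from an authentication module is emitted during
  # the auth conversation and can disclose module internals to whoever is at
  # the prompt; enable it only temporarily while troubleshooting.
  debug = false;
  mode = "challenge-response";
  ### *********************************************************************** ###
  # Token-specific identifier: the value below belongs to the demo key and
  # must be replaced per YubiKey. Avoid committing real token IDs to a public
  # repository.
  id = [ "28860067" ]; #### Change for each yubikey, set for demo doug
  ### *********************************************************************** ###
};

# Smart-card daemon.
services.pcscd.enable = true;

# Locking the screen when a Yubikey is unplugged
#
# The rule matches only USB devices reporting vendor 1050 (Yubico) with
# product ID 0407; a key exposing a different interface combination reports
# a different product ID and will not trigger the lock (check with `lsusb`).
# `loginctl lock-sessions` asks every session to lock; it does not log anyone
# out, and it only has an effect where the session runs a locker that honours
# the request -- verify on the target desktop.
services.udev.extraRules = ''
  ACTION=="remove",\
   ENV{ID_BUS}=="usb",\
   ENV{ID_MODEL_ID}=="0407",\
   ENV{ID_VENDOR_ID}=="1050",\
   ENV{ID_VENDOR}=="Yubico",\
   RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
'';
######################################################################################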