So I know, that this is probably just supposed to be a lightweight, KISS lua implementation of PAM, but I was wondering, if it was possible to add support for other Pam-authentication modes (such as yubikey auth).
I know, that yubikey auth is setup properly on my system, since I do not need a Password on sudo, or sudo login.

I had a quick glance at the docs, and know, that this is a really hard improvement.
As a starter, have a look at the following: pam_sm_authenticate

EDIT: pam_sm_authenticate is as far as i can see for pam Service Modules

There is a yubikey pam module, but i have no yubikey, so cannot write and test for yubikey, sorry.

This Issue is more meant for general pam-module auth, so other auth factors than password can be used. There are also U2F modules. Honestly more, than one could imagine. If I really want support I'll do a pr.
Until then, I think that we should keep this open, if you don't think, that this is out of place.
As for the yubikey-pam module: I have it installed, it is just, that this application ONLY supports password.

This Issue is more meant for general pam-module auth, so other auth factors than password can be used.

A good idea, i will try to find some ways later if i have time.

Ok, so something interesting, I have a working version (sadly not cross distro). I changed the service name to common-auth (that's where I defined my yubikey auth) and added a pam_end() call at the end.
I will have to check, on how to get it working with login as the service name.