[policykit-kde-agent-1] [Bug 469684] New: KDE Polkit does not support Duo MFA
bugzilla_noreply at kde.org
Sat May 13 00:32:57 BST 2023
https://bugs.kde.org/show_bug.cgi?id=469684
Bug ID: 469684
Summary: KDE Polkit does not support Duo MFA
Classification: Plasma
Product: policykit-kde-agent-1
Version: unspecified
Platform: Debian stable
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: unassigned-bugs at kde.org
Reporter: samz at infoatrisk.com
CC: drf at kde.org, jgrulich at redhat.com, jreznik at redhat.com
Target Milestone: ---
SUMMARY
***
MFA configured through the Duo security provider does not work with any KDE
Plasma components. This includes polkit calls from the desktop, as well as SDDM
during login.
***
STEPS TO REPRODUCE
1. Install Duo according to their instructions, either installing from a repo
or building from source: https://duo.com/docs/duounix
2. Configure /etc/duo/pam_duo.conf and /etc/duo/login_duo.conf with a current
ikey, skey, and API hostname
3. Configure /etc/pam.d/common-auth (or /etc/pam.d/system-auth and
/etc/pam.d/password-auth if RHEL-based) with the appropriate
/lib64/security/pam_duo.so call in accordance with Duo documentation:
https://duo.com/docs/duounix
OBSERVED RESULT
Duo works appropriately in a terminal, requiring the OTP from the user before
successfully authenticating, but fails in the graphical environment everywhere.
SDDM login simply fails with no reason, and polkit prompts do not work
properly.
EXPECTED RESULT
After a correct password is entered, a second text field is presented for the
OTP to complete Duo authentication, much like it's handled in GNOME and XFCE.
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Debian 11
(available in About System)
KDE Plasma Version: 4:5.20.5
ADDITIONAL INFORMATION
Happy to help reproduce if anyone is confused.
--
You are receiving this mail because:
You are the assignee for the bug.