Bug 2432442

Summary: NetworkManager has started requiring user auth before starting vpns
Product: [Fedora] Fedora Reporter: Kevin Fenzi <kevin>
Component: NetworkManagerAssignee: Lubomir Rintel <lkundrak>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: bgalvani, ffmancera, ihuguet, jvaclav, lkundrak, mclasen, ngompa13, opensource, rstrode, vbenes, vondruch
Target Milestone: ---   
Target Release: ---   
Hardware: aarch64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2026-02-16 17:56:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kevin Fenzi 2026-01-23 17:45:28 UTC 
I am not sure when this happened, it's been going on a while now, but finally filing this. 

It used to be from inside a local desktop session if you selected a vpn it would just start and ask you for any creds needed for the connection.

Now it asks for the local user password before allowing the connection. After entering the local user password it asks for any creds needed by the connection. 

This happens in both gnome and kde so I don't think it's a desktop related issue.

Happy to gather logs or try things.

Reproducible: Always
Comment 1 Vít Ondruch 2026-02-06 11:33:54 UTC 
Same here. This is reproducible also from command line. This asks for elevated privileges:

~~~
$ nmcli connection up 1\ -\ Red\ Hat\ Global\ VPN --ask 
You need to authenticate to access the Virtual Private Network “1 - Red Hat Global VPN”.
Password (vpn.secrets.password): ••••••••••••••
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/21)
~~~

While the dialog can be workaround by using `sudo`


This is what can be seen in the log:

~~~
úno 06 12:30:29 vondruch-thinkpadx1carbongen13.tpbc.csb NetworkManager[1649]: <info>  [1770377429.0569] agent-manager: agent[5c8d84d5a89f72df,:1.504/nmcli-connect/16025]: agent registered
úno 06 12:30:29 vondruch-thinkpadx1carbongen13.tpbc.csb NetworkManager[1649]: <info>  [1770377429.0584] audit: op="connection-activate" uuid="e69b124b-50a8-4458-8859-5e68c3f19460" name="1 - Red Hat Global VPN" pid=45491 uid=16025 result="fail" reason="Connection '1 - Red Hat Global VPN' is already active"
úno 06 12:30:37 vondruch-thinkpadx1carbongen13.tpbc.csb polkit-agent-helper-1[45464]: pam_sss(polkit-1:auth): authentication success; logname=vondruch uid=16025 euid=0 tty= ruser=vondruch rhost= user=vondruch
úno 06 12:30:37 vondruch-thinkpadx1carbongen13.tpbc.csb audit[45464]: AUDIT1100 pid=45464 uid=16025 auid=16025 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_usertype,pam_usertype,pam_sss acct="vondruch" exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=? addr=? terminal=? res=success'
úno 06 12:30:37 vondruch-thinkpadx1carbongen13.tpbc.csb audit[45464]: AUDIT1101 pid=45464 uid=16025 auid=16025 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="vondruch" exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=? addr=? terminal=? res=success'
úno 06 12:30:41 vondruch-thinkpadx1carbongen13.tpbc.csb NetworkManager[1649]: <warn>  [1770377441.4063] vpn[0x5603ffe1b370,e69b124b-50a8-4458-8859-5e68c3f19460,"1 - Red Hat Global VPN"]: secrets: failed to request VPN secrets #3: User canceled the secrets request.
~~~

Testing with:

~~~
$ rpm -qf `which nmcli`
NetworkManager-1.55.91-3.fc44.x86_64
~~~
Comment 2 Kevin Fenzi 2026-02-16 17:29:14 UTC 
So, is this the same thing as 2437985 ?
Comment 3 Beniamino Galvani 2026-02-16 17:56:19 UTC 
yes, closing as duplicate

*** This bug has been marked as a duplicate of bug 2437985 ***