Bug 964677
| Summary: | mate-screensaver fails to unlock with multiple factor authentication in pam. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | William Brown <william> |
| Component: | mate-screensaver | Assignee: | Dan Mashal <dan.mashal> |
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 18 | CC: | dan.mashal, fedora, rdieter, stefano, unixi |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-09-12 19:21:23 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
William Brown
2013-05-19 13:23:46 UTC
Please provide steps to configure two step auth Install pam_yubico MAKE SURE YOU LEAVE A ROOT TTY OPEN TO UNDO THE PAM CHANGES IF NEEDED into /etc/pam.d/system-auth-ac: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_fprintd.so #### ADD THE LINE BELOW auth required pam_yubico.so id=1 alwaysok=1 auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth sufficient pam_sss.so use_first_pass auth required pam_deny.so You should now at the screensaver prompt that asks for two factors of authentication. The first will always succeed no matter what you type (Due to the alwaysok option) You should file out a issue report at https://github.com/mate-desktop/mate-screensaver for this to notify upstream. Ok, since 4 month no reaction from user, feel free to post here if i happens again, i will re-open the report in this case. Occurs on Fedora 22 also. I will be happy to provide additional information - please let me know what to capture / look for. --James [error_watch] gs-window-x11.c:1330 (10:46:35): command error output: [request_response] mate-screensaver-dialog.c:142 (10:46:35): got response: -2 [error_watch] gs-window-x11.c:1330 (10:46:36): command error output: [auth_message_handler] mate-screensaver-dialog.c:216 (10:46:36): Got message style 1: 'Password: ' [error_watch] gs-window-x11.c:1330 (10:46:36): command error output: [gs_lock_plug_enable_prompt] gs-lock-plug.c:1601 (10:46:36): Setting prompt to: Password: [error_watch] gs-window-x11.c:1330 (10:46:39): command error output: [request_response] mate-screensaver-dialog.c:142 (10:46:39): got response: -2 [lock_command_watch] gs-window-x11.c:1921 (10:46:39): command output: RESPONSE=OK [lock_command_watch] gs-window-x11.c:1943 (10:46:39): Got OK response Can you please open a new report for it? With all informations from logs. And provide information which second authentification modul you use. You can kill the screensaver process and start it in a terminal with mate-screensaver --debug |