Description of problem: RHEL 9.2 ipa-server-4.10.1-8.el9_2.s390x Second Factor prompts in (password + OTP) are misleading. While the prompts would lead a user to enter the 2 factors in the separate prompts, they in fact needed to be entered in the first prompt only, or authentication failed." Actual results: The ssh prompts look like: First Factor: | Second Factor: Send automatic password (Using keyboard-interactive authentication) 1. If I supplied the password+OTP to the first factor, and nothing to the second factor, I get in. 2. However If the password and OTP are supplied to separate Factor prompts, the login fails. For the average user, the current prompting would be misleading. Expected results: There should only be a single prompt for password+OTP token. Regards, Danish Shaikh
I think this ticket is a duplicate of an old ticket: https://github.com/SSSD/sssd/issues/4846 It was marked as wontfix, hence moving to sssd component for a re-evaluation.
> There should only be a single prompt for password+OTP token. Please see `man sssd.conf`::PROMPTING CONFIGURATION SECTION::[prompting/2fa]::single_prompt Would this work for your use case?