Adding to my own question after doing some further research:

This appears to be a bug in SSSD.
https://bugzilla.redhat.com/show_bug.cgi?id=1276868
It was fixed via commit https://git.fedorahosted.org/cgit/sssd.git/commit/?id=4a01e6a6fd66e622b80739472a0aa06d1c79a6a9 on 3/14/2016.

I am wondering why this has yet to be released for centos 7.2 yet? There have been two sssd updates since then, the latest 9 days ago and it does not appear that it was included. I also wonder how something so basic could slip through the cracks? It would appear it has never worked. I understand weird / odd use case bugs, but this is out of the box clean install no modifications - simply turn on 2FA and test sudo.

On 05/21/2016 02:41 PM, Ken Bass wrote:
And the main reason I am posting - sudo 2FA:

To test, I created a new usergroup called 'superusers'. And defined a sudo rule for 'ALL'. When I log in using a 2FA enabled account and type 'sudo -l' I get the
loop of

-sh-4.2$ sudo -l
First Factor:
Sorry, try again.
First Factor:

It will not accept the correct password.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to