Adding to my own question after doing some further research:
This appears to be a bug in SSSD.
https://bugzilla.redhat.com/show_bug.cgi?id=1276868
It was fixed via commit
https://git.fedorahosted.org/cgit/sssd.git/commit/?id=4a01e6a6fd66e622b80739472a0aa06d1c79a6a9
on 3/14/2016.
I am wondering why this has yet to be released for centos 7.2 yet? There
have been two sssd updates since then, the latest 9 days ago and it does
not appear that it was included. I also wonder how something so basic
could slip through the cracks? It would appear it has never worked. I
understand weird / odd use case bugs, but this is out of the box clean
install no modifications - simply turn on 2FA and test sudo.
On 05/21/2016 02:41 PM, Ken Bass wrote:
And the main reason I am posting - sudo 2FA:
To test, I created a new usergroup called 'superusers'. And defined a
sudo rule for 'ALL'. When I log in using a 2FA enabled account and
type 'sudo -l' I get the
loop of
-sh-4.2$ sudo -l
First Factor:
Sorry, try again.
First Factor:
It will not accept the correct password.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
