https://bugs.kde.org/show_bug.cgi?id=469684
Bug ID: 469684 Summary: KDE Polkit does not support Duo MFA Classification: Plasma Product: policykit-kde-agent-1 Version: unspecified Platform: Debian stable OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: general Assignee: unassigned-b...@kde.org Reporter: s...@infoatrisk.com CC: d...@kde.org, jgrul...@redhat.com, jrez...@redhat.com Target Milestone: --- SUMMARY *** MFA configured through the Duo security provider does not work with any KDE Plasma components. This includes polkit calls from the desktop, as well as SDDM during login. *** STEPS TO REPRODUCE 1. Install Duo according to their instructions, either installing from a repo or building from source: https://duo.com/docs/duounix 2. Configure /etc/duo/pam_duo.conf and /etc/duo/login_duo.conf with a current ikey, skey, and api hostname 3. Configure /etc/pam.d/common-auth (or /etc/pam.d/system-auth and /etc/pam.d/password-auth if RHEL-based) with the appropriate /lib64/security/pam_duo.so call in accordance with Duo documentation: https://duo.com/docs/duounix OBSERVED RESULT Duo works appropriately in a terminal, requiring the OTP from the user before successfully authenticating, but fails in the graphical environment everywhere. SDDM login simply fails with no reason, and polkit prompts do not work properly. EXPECTED RESULT After a correct password is entered, a second text field is presented for the OTP to complete Duo authentication, much like it's handled in Gnome and XFCE. SOFTWARE/OS VERSIONS Linux/KDE Plasma: Debian 11 (available in About System) KDE Plasma Version: 4:5.20.5 ADDITIONAL INFORMATION Happy to help reproduce if anyone is confused. -- You are receiving this mail because: You are watching all bug changes.