Bug 388516

Summary: Support "partially saved" password (for tokens like yubikey)
Product: [Plasma] plasmashell Reporter: OlafLostViking <olaf.the.lost.viking>
Component: Networking in generalAssignee: Jan Grulich <jgrulich>
Status: CONFIRMED ---    
Severity: wishlist CC: alex, jgrulich, kde, nate
Priority: NOR    
Version First Reported In: master   
Target Milestone: 1.0   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description OlafLostViking 2018-01-04 08:59:44 UTC 
I use a yubikey to connect to an OpenVPN server. For now I told plasma-nm to not save the password so I get prompted everytime. There I enter a "fixed" password and append a one time one with the help of the yubikey (just behaves like a keyboard). So just the normal password dialog/logic is needed.

It would be nice, if plasma-nm could save the fixed password part and just let me enter the rest. F.ex. by having another drop-down option "Save password ... and prompt every time." while setting the cursor right after the saved and pre-filled out password. Like that I won't have to enter the fixed password and can just trigger the yubikey entry after clicking on Connect.

PS: I don't think this is related to #350521 , as we don't need any special challenge/response.
Comment 1 Ben Cooksley 2024-12-23 18:25:59 UTC 
Bulk transfer as requested in T17796
Comment 2 Nate Graham 2025-06-04 18:43:12 UTC 
Sorry no one looked at this yet. If you're still using such a setup, can you explain the advantage of it? Why not let the Yubikey generate the whole password?
Comment 3 OlafLostViking 2025-06-05 12:34:04 UTC 
Hi, Nathan!

> Sorry no one looked at this yet.
Don't worry, that's normal ;-). Thank you for having a look yourself! Much appreciated.

> If you're still using such a setup, can you explain the advantage of it?
I no longer work at that company. But their internal authentication, also needed for the VPN, combined your static password with a dynamic part from a Yubikey. If I remember correctly, the Yubikey wasn't protected by a PIN so that it works everywhere (most password prompts aren't able to ask for a PIN). Therefore the static password can probably be seen as the "I know" and the key as the "I have" factor.

But as I no longer work there, I won't be able to test anything!
Comment 4 AlexLG 2025-06-05 12:46:19 UTC 
Hello, I have the same use case on daily basis and still have.

For now, when logging to the VPN, I have to copy/paste the "password" from my password manager then touch the yubikey in order to add some characters after the "static" password.

If I had a way to have the static password already defined in the field, I just have to touch the yubikey to log in, that would be really great :)
Comment 5 Nate Graham 2025-06-05 17:00:10 UTC 
Ok wow, I guess this is a bit more widespread than I had thought.