Bug 481143

Summary: pam_u2f didn't work
Product: [Plasma] kscreenlocker Reporter: Christopher W. <chris2000sp>
Component: generalAssignee: Plasma Bugs List <plasma-bugs>
Status: RESOLVED NOT A BUG    
Severity: wishlist CC: fanzhuyifan
Priority: NOR    
Version: 5.27.10   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed In:

Description Christopher W. 2024-02-09 20:37:37 UTC 
SUMMARY
I configured successfully lightdm with PAM modul "pam_u2f" from yubico but with kscreenlocker didn't work.


STEPS TO REPRODUCE
1. sudo pacman -S extra/pam-u2f
2. sudo mkdir /etc/fido_key
3. sudo sh -c 'pamu2fcfg -u user >> /etc/fido_key/u2f_keys'
4. sudo sh -c 'cat /etc/pam.d/login >> /etc/pam.d/kde'
5. sudo sh -c 'echo "auth   sufficient   pam_u2f.so authfile=/etc/fido_key/u2f_keys" >> /etc/pam.d/kde'
6. Lock the Screen and try to unlock

OBSERVED RESULT
because of "sufficient" and not "required" it unlocks the screen immediately without Touching the Button on the Fido2 Stick after entering the password

EXPECTED RESULT
Unlock the screen if Touched the Button on Fido2 Stick after entering the password

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 5.27.10
KDE Frameworks Version: 5.114.0
Qt Version: 5.15.12
Kernel-Version: 6.7.3-arch1-1 (64-bit)
Wayland

ADDITIONAL INFORMATION
-
Comment 1 fanzhuyifan 2024-02-09 21:01:28 UTC 
This sounds like a configuration/packaging issue rather than a KDE bug -- have you tried asking for support on the arch forums?
Comment 2 Christopher W. 2024-02-09 21:20:22 UTC 
I didn't ask them. I could try to ask in the arch forums.
Comment 3 Christopher W. 2024-02-12 14:31:38 UTC 
Found the issue. I had 2 keys in key file. That caused a problem with first key in file. Now kscreenlocker works.