388516 – Support "partially saved" password (for tokens like yubikey)

Bug 388516 - Support "partially saved" password (for tokens like yubikey)

Summary: Support "partially saved" password (for tokens like yubikey)

Status:	CONFIRMED

Alias:	None

Product:	plasmashell
Classification:	Plasma
Component:	Networking in general (other bugs)
Version First Reported In:	master
Platform:	Arch Linux Linux

Importance:	NOR wishlist
Target Milestone:	1.0
Assignee:	Jan Grulich

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-01-04 08:59 UTC by OlafLostViking
Modified:	2025-06-05 17:00 UTC (History)
CC List:	4 users (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description OlafLostViking 2018-01-04 08:59:44 UTC

I use a yubikey to connect to an OpenVPN server. For now I told plasma-nm to not save the password so I get prompted everytime. There I enter a "fixed" password and append a one time one with the help of the yubikey (just behaves like a keyboard). So just the normal password dialog/logic is needed.

It would be nice, if plasma-nm could save the fixed password part and just let me enter the rest. F.ex. by having another drop-down option "Save password ... and prompt every time." while setting the cursor right after the saved and pre-filled out password. Like that I won't have to enter the fixed password and can just trigger the yubikey entry after clicking on Connect.

PS: I don't think this is related to #350521 , as we don't need any special challenge/response.

Comment 1 Ben Cooksley 2024-12-23 18:25:59 UTC

Bulk transfer as requested in T17796

Comment 2 Nate Graham 2025-06-04 18:43:12 UTC

Sorry no one looked at this yet. If you're still using such a setup, can you explain the advantage of it? Why not let the Yubikey generate the whole password?

Comment 3 OlafLostViking 2025-06-05 12:34:04 UTC

Hi, Nathan!

> Sorry no one looked at this yet.
Don't worry, that's normal ;-). Thank you for having a look yourself! Much appreciated.

> If you're still using such a setup, can you explain the advantage of it?
I no longer work at that company. But their internal authentication, also needed for the VPN, combined your static password with a dynamic part from a Yubikey. If I remember correctly, the Yubikey wasn't protected by a PIN so that it works everywhere (most password prompts aren't able to ask for a PIN). Therefore the static password can probably be seen as the "I know" and the key as the "I have" factor.

But as I no longer work there, I won't be able to test anything!

Comment 4 AlexLG 2025-06-05 12:46:19 UTC

Hello, I have the same use case on daily basis and still have.

For now, when logging to the VPN, I have to copy/paste the "password" from my password manager then touch the yubikey in order to add some characters after the "static" password.

If I had a way to have the static password already defined in the field, I just have to touch the yubikey to log in, that would be really great :)

Comment 5 Nate Graham 2025-06-05 17:00:10 UTC

Ok wow, I guess this is a bit more widespread than I had thought.