471367 – Add support for Google Authenticator OTP auth method in SDDM theme

Bug 471367 - Add support for Google Authenticator OTP auth method in SDDM theme

Summary: Add support for Google Authenticator OTP auth method in SDDM theme

Status:	CONFIRMED

Alias:	None

Product:	plasmashell
Classification:	Plasma
Component:	Theme - Breeze (other bugs)
Version First Reported In:	5.24.7
Platform:	Ubuntu Linux

Importance:	NOR wishlist
Target Milestone:	1.0
Assignee:	Plasma Bugs List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-06-23 07:10 UTC by Vaishakh
Modified:	2023-09-14 23:06 UTC (History)
CC List:	4 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Vaishakh 2023-06-23 07:10:33 UTC

SUMMARY
***
NOTE: If you are reporting a crash, please try to attach a backtrace with debug symbols.
See https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports
***
Getting Locked out of system when Google Authenticator Two Factor Authentication is enabled for login. There is no option in the login screen to enter OTP verification code, so cant login to the system once logout. Two Factor Authentication is an essential feature since there is rise in XOR DDOS Attacks and also it is necessary for all organisations switching to linux desktop to secure their systems from unauthorised access. We added Google Two Factor Authentication because our systems are affected with XOR DDOS Attacks.

I am giving more details about XOR DDOS here
https://www.microsoft.com/en-us/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/

If we dont put Two Factor Authentication our systems are constantly brute forced by attackers and gaining access. So Two Factor Authentication is essential for the security of the system.

Also other UI's for system update etc are affected by this bug which will not ask for OTP Verification code.

STEPS TO REPRODUCE
1. Enable Google Authenticator OTP
2. Log out and Log In Again
3. Cant find option to enter OTP verification code gets locked out of system

OBSERVED RESULT

Gets Locked out and cant gain access to system.

EXPECTED RESULT

Should show textfield to enter OTP verification code.

SOFTWARE/OS VERSIONS
Windows:
macOS:
Linux/KDE Plasma: Ubuntu 22.04 LTS
(available in About System)
KDE Plasma Version: Plasma Version 5.24.7
KDE Frameworks Version: 5.92.0
Qt Version: 5.15.3

ADDITIONAL INFORMATION

Comment 1 Nicolas Fella 2023-06-23 09:21:09 UTC

> 1. Enable Google Authenticator OTP

How do you do this?

Comment 2 Vaishakh 2023-06-23 09:41:10 UTC

You can add Two Factor Authentication by installing libpam-google-authenticator package.
More detailed explanation can be read here. Works good with gnome desktop.

https://www.digitalocean.com/community/tutorials/how-to-configure-multi-factor-authentication-on-ubuntu-18-04

Comment 3 Nate Graham 2023-09-14 21:16:14 UTC

Thanks. As you've discovered, SDDM doesn't support this Yes, as you've discovered, our SDDM theme doesn't support this feature yet. :) I'd recommend not using the feature until we do.

Comment 4 Janet Blackquill 2023-09-14 23:06:50 UTC

What does your pam configuration look like?