Bug 481143 - pam_u2f didn't work
Summary: pam_u2f didn't work
Status: RESOLVED NOT A BUG
Alias: None
Product: kscreenlocker
Classification: Plasma
Component: general (show other bugs)
Version: 5.27.10
Platform: Arch Linux Linux
: NOR wishlist
Target Milestone: ---
Assignee: Plasma Bugs List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-09 20:37 UTC by Christopher W.
Modified: 2024-02-12 14:31 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher W. 2024-02-09 20:37:37 UTC 
SUMMARY
I configured successfully lightdm with PAM modul "pam_u2f" from yubico but with kscreenlocker didn't work.


STEPS TO REPRODUCE
1. sudo pacman -S extra/pam-u2f
2. sudo mkdir /etc/fido_key
3. sudo sh -c 'pamu2fcfg -u user >> /etc/fido_key/u2f_keys'
4. sudo sh -c 'cat /etc/pam.d/login >> /etc/pam.d/kde'
5. sudo sh -c 'echo "auth   sufficient   pam_u2f.so authfile=/etc/fido_key/u2f_keys" >> /etc/pam.d/kde'
6. Lock the Screen and try to unlock

OBSERVED RESULT
because of "sufficient" and not "required" it unlocks the screen immediately without Touching the Button on the Fido2 Stick after entering the password

EXPECTED RESULT
Unlock the screen if Touched the Button on Fido2 Stick after entering the password

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 5.27.10
KDE Frameworks Version: 5.114.0
Qt Version: 5.15.12
Kernel-Version: 6.7.3-arch1-1 (64-bit)
Wayland

ADDITIONAL INFORMATION
-
Comment 1 fanzhuyifan 2024-02-09 21:01:28 UTC 
This sounds like a configuration/packaging issue rather than a KDE bug -- have you tried asking for support on the arch forums?
Comment 2 Christopher W. 2024-02-09 21:20:22 UTC 
I didn't ask them. I could try to ask in the arch forums.
Comment 3 Christopher W. 2024-02-12 14:31:38 UTC 
Found the issue. I had 2 keys in key file. That caused a problem with first key in file. Now kscreenlocker works.