Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication Fails with Verification Based Two Factor Authentication #249

Closed
pucheGit opened this issue Oct 6, 2019 · 4 comments
Closed

Authentication Fails with Verification Based Two Factor Authentication #249

pucheGit opened this issue Oct 6, 2019 · 4 comments

Comments

@pucheGit
Copy link

pucheGit commented Oct 6, 2019

I'm submitting a…

[X] Bug
[X] Feature Request
[ ] Other (Please describe in detail)

Current Behavior

I use two factor authentication provided by libpam-google-authenticator, which provides two factor authentication verification codes. When using i3lock, I do not get prompted to input my verification code, nor am I able to login as verification always fails. The error appears in auth.log as i3lock(pam_google_authenticator)[27098]: Invalid verification code for XXXX. Although I believe this is likely considered a new feature, I labeled it as a bug as well because it breaks the functionality of i3lock in its current implementation.

Expected Behavior

i3lock should allow multiple inputs to PAM, as well as provide feedback if the password is accepted, so you know that it is time to input the verification code.

Reproduction Instructions

  • Enable libpam-google-authenticator in /etc/pam.d/common-session (If you would like further details on this I can provide them, but it is a straightforward process with numerous online guides, so I left the specifics out for brevity).
  • Create Verification Codes by running google-authenticator
  • Attempt to use i3lock

Environment

Output of i3lock --version:

i3lock: version 2.12-3-gf6e0218 (2019-09-27, branch "master") © 2010 Michael Stapelberg
@wlhlm
Copy link

wlhlm commented Dec 18, 2019

Does using password stacking work?

@Chan-PH
Copy link

Chan-PH commented Apr 20, 2020

Does using password stacking work?

It appears not working on my end. Does anyone here have any solution pertaining to this?

@Robert-L-Turner
Copy link

Same issue here and password stacking does not work. Not sure if its relevant but I actually get two errors:

[rturner@SSDarchlinux ~]$ journalctl | grep i3lock | tail -2
Jan 07 21:48:51 SSDarchlinux i3lock[3895]: pam_unix(i3lock:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0 ruser= rhost=  user=rturner
Jan 07 21:48:51 SSDarchlinux i3lock[3895]: pam_systemd_home(i3lock:auth): Not a user managed by systemd-homed: No home for user rturner known

I guess on the positive side I can lock with i3lock, and then to unlock I can swap to another tty, log in with 2FA OTP and killall i3lock to get back into the session.

Is this specific to i3lock or an issue across with how (all?) lock screens interact with PAM?

https://wiki.archlinux.org/index.php/Talk:Systemd-homed

@stapelberg
Copy link
Member

Better PAM support is tracked in #217

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@stapelberg @wlhlm @Chan-PH @pucheGit @Robert-L-Turner