[Freeipa-users] sudo 2FA not working

Ken Bass kbass at kenbass.com
Sat May 21 19:07:17 UTC 2016


Adding to my own question after doing some further research:

This appears to be a bug in SSSD.
https://bugzilla.redhat.com/show_bug.cgi?id=1276868
It was fixed via commit 
https://git.fedorahosted.org/cgit/sssd.git/commit/?id=4a01e6a6fd66e622b80739472a0aa06d1c79a6a9 
on 3/14/2016.

I am wondering why this has yet to be released for CentOS 7.2? There 
have been two sssd updates since then, the latest 9 days ago, and it does 
not appear that it was included. I also wonder how something so basic 
could slip through the cracks? It would appear it has never worked. I 
understand weird / odd use case bugs, but this is an out-of-the-box clean 
install with no modifications - simply turn on 2FA and test sudo.

On 05/21/2016 02:41 PM, Ken Bass wrote:
> And the main reason I am posting - sudo 2FA:
>
> To test, I created a new usergroup called 'superusers'. And defined a 
> sudo rule for 'ALL'. When I log in using a 2FA enabled account and 
> type 'sudo -l' I get the loop of
>
> -sh-4.2$ sudo -l
> First Factor:
> Sorry, try again.
> First Factor:
>
> It will not accept the correct password.



