Short question: Is there a way (an official way) to use (any kind of) two-factor authentication on OpenSUSE when using KDE (KDM)?
On a few important servers, I am using two-factor authentication. The official OpenSUSE repositories are offering OPIE, so I am using this (on other systems, I tend to use the Google authenticator).
My requirement is that the user has to enter his or her regular password and the one-time code (so it’s an appropriate “auth required pam_opie.so” entry in the respective pam config files). PAM configuration is not the problem.
Consequently, all text-based stuff works perfectly (i.e., console login, ssh login, su, sudo…), but on the GUI level, I ran into a few problems:
- Graphical login (KDM): After entering the regular password, a dialog box pops up showing the OPIE challenge. Unfortunately, there is no field to enter the response. There is just an OK button, and when a user selects that button, the login screen simply displays the respective “login incorrect” message.
- kdesu: With two-factor authentication enabled, “kdesu” hangs indefinitely after having asked, and accepted, the regular user password.
As a side note, the KDE lock screen does work with two-factor authentication: When I activate OPIE while being logged in, the unlock dialog of the lock screen properly asks both for the regular password, and for the OPIE response (while properly displaying the OPIE challenge). This gives me some hope that there might be two-factor support in KDE.
I am not familiar with KDM configuration, but an Internet search wasn’t conclusive - all I found out is that G[not K]DM does support it (cf. http://blog.davidedmundson.co.uk/lightdm-google-authentication ) - but switching to Gnome is not my preferred option.
I hope that this question is appropriate here.