seojeong.kim is a 2fa user. so, I can see prompt is like below. but the current max failure attempt is 4. so after I have 4 times failed attempts, ssh prompt changes to Password : Is this normal working? Can I keep First Factor/Second Factor prompt for 2fa user even when failure attempts reach to the max count ?
(seojeong.kim@myhost) First Factor: (seojeong.kim@myhost) Second Factor: (seojeong.kim@myhost) First Factor: (seojeong.kim@myhost) Second Factor: (seojeong.kim@myhost) First Factor: (seojeong.kim@myhost) Second Factor: (seojeong.kim@myhost) First Factor: (seojeong.kim@myhost) Second Factor: (seojeong.kim@myhost) First Factor: (seojeong.kim@myhost) Password :
/etc/sssd/sssd.conf is like below. [prompting/password] password_prompt = Password : [prompting/2fa] single_prompt = False first_prompt = First Factor: second_prompt = Second Factor:
Because, the main reason why I ask if I can keep "First Factor/Second Factor "after max failure attempts is...
I enabled SSSD offline authentication.
if SSSD be goes to offline, ssh prompt changes from "First Factor/Second Factor" to "Passowrd:".
But If I get 'Password:' prompt for the locked user, offline and lockout status can't be identified by the prompt in the user's perspective.
Am Tue, Nov 19, 2024 at 04:57:11AM -0000 schrieb seojeong kim via sssd-users:
Because, the main reason why I ask if I can keep "First Factor/Second Factor "after max failure attempts is...
I enabled SSSD offline authentication.
if SSSD be goes to offline, ssh prompt changes from "First Factor/Second Factor" to "Passowrd:".
But If I get 'Password:' prompt for the locked user, offline and lockout status can't be identified by the prompt in the user's perspective.
Hi,
my quess is that the "Password:" prompt is not coming from SSSD but from ssh's 'PasswordAuthentication'. If you disable this for the ssh client there should be no "Password: prompt anymore.
bye, Sumit
-- _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
sssd-users@lists.fedorahosted.org