Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MacOS Monterey 12.0.1 Screensaver_la displays passowrd login instead of verification code #206

Open
scope2229 opened this issue Dec 7, 2021 · 4 comments
Open

MacOS Monterey 12.0.1 Screensaver_la displays passowrd login instead of verification code #206

scope2229 opened this issue Dec 7, 2021 · 4 comments

Comments

@scope2229
Copy link

scope2229 commented Dec 7, 2021
edited
Loading

After installing with home and adding auth required /opt/homebrew/lib/security/pam_google_authenticator.so nullok to /etc/pam.d/screensaver_la causes the login screen to redirect to password input if i enter the code there you get password wrong. If you enter your password it also says password wrong.

If I add to /etc/pam.d/sudo the authenticator works as intended.
@ThomasHabets
Copy link
Collaborator

I'm not following. Please be precise in all the steps and configuration. And also add debug option and attach relevant log lines.

@scope2229
Copy link
Author

Fresh MacOS Monterey 12.0.1

install google-authenticator-libpam with brew install google-authenticator-libpam

run google-authenticator register with authy on mobile device

configure pam files to use 2FA
1: /etc/pam.d/sudo with auth required /opt/homebrew/lib/security/pam_google_authenticator.so nullok at the end of the file.
(outcome) run sudo nano /etc/pam.d/sudo in new terminal instance. enter password. after 2FA requests code. inputting code from mobile device returns success and opens the file.

2: /etc/pam.d/login with auth required /opt/homebrew/lib/security/pam_google_authenticator.so nullok at the end of the file.
(outcome) reboot or logout from user. login with password. Here i expect a request for a 2FA code with successful password entry. actual outcome is screen goes blank refreshes and a login with password request form. entering the 2FA code instead of the password results in failure wrong password. Entering correct password results in wrong password. Reboot into recovery edit login pam file to restore login functionality.

3: /etc/pam.d/screensaver with auth required /opt/homebrew/lib/security/pam_google_authenticator.so nullok at the end of the file.
(outcome) same outcome as 2

4: /etc/pam.d/screensaver_la with auth required /opt/homebrew/lib/security/pam_google_authenticator.so nullok at the end of the file.
(outcome) same outcome as 2

I'll try adding the debug option once i finish work and upload the logs.

@scope2229
Copy link
Author

Sorry on a mac where are the logs located.

@ThomasHabets
Copy link
Collaborator

Don't know. I've not used a mac since the mid 90s.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ThomasHabets @scope2229