7591 – OTP with google-authentication fails on servers using SELinux

Bug 7591 - OTP with google-authentication fails on servers using SELinux

Summary: OTP with google-authentication fails on servers using SELinux

Status:	CLOSED INVALID

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	VSM Server (show other bugs)
Version:	trunk
Hardware:	PC Unknown

Importance:	P2 Normal
Target Milestone:	4.13.0
Assignee:	Bugzilla mail exporter

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-11-18 16:19 CET by Niko Lehto
Modified:	2021-03-09 13:21 CET (History)
CC List:	0 users

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Niko Lehto cendio

2020-11-18 16:19:22 CET

When trying to authenticate using OTP against an server using SELinux you get similiar error message to this:
>May 26 13:26:04 localhost.localdomain sshd(pam_google_authenticator)[2168]: Accepted google_authenticator for testuser
>May 26 13:26:04 localhost.localdomain sshd(pam_google_authenticator)[2168]: Failed to create tempfile "/home/testuser/.google_authenticator~6wwsWT": Permission denied
>May 26 13:26:04 localhost.localdomain sshd(pam_google_authenticator)[2168]: Failed to update secret file "/home/testuser/.google_authenticator": Permission denied
This error message is taken from bug that is reported on Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1840113

There is a bug filed on SELinux too:
https://github.com/fedora-selinux/selinux-policy/pull/469
And apparently this is caused by changes in google-authenticator

Comment 1 Pierre Ossman cendio

2021-03-09 13:21:59 CET

This is a general SSH issue and not specific for ThinLinc.

Note You need to log in before you can comment on or make changes to this bug.