We have a FreeIPA realm that’s a mix of RHEL servers and Fedora workstations. Everything is working fine under Gnome but I can’t seem to get KDE to play along. authselect doesn’t seem to show any options that would effect this behaviour, so I’m not sure what to check from here.
-
When a user tries to unlock a session, the lock screen errors out and asks the user to manually unlock using another virtual terminal (Ctrl + Alt + F3).
-
When a user needs to provide an authentication prompt, e.g. unlocking their keyring or mounting a disk, it just sits there and does nothing. No error, no feedback.
If it matters, we enforce 2FA (Password + OTP) for our domain. Non-FAST clients are meant to fallback to [password+otp] formats for passwords, but that doesn’t seem to make a difference here.
I can find some random information floating around suggesting to manually add pam_ldap to PAM, but this seems wrong given that FreeIPA/Authselect adds pam_sssd.