4jNsY6fCVqZv
commented
4 years ago @cassidyjames
Right now it looks like the agent just immediately returns a failure which means you can't enable a security key in PAM for LightDM, and then use anything that uses polkit.
You mean it does not work generally or in relation to the actions with polkit?
If a FIDO/U2F key is required for LightDM in PAM, we should wait for a bit of time to wait for it to authenticate for PolKit; typically I see somewhere in the range of 10–30 seconds for web services and LightDM. We should show a message and spinner of some sort during this time to prompt the user to insert and authenticate the key.
Right now it looks like the agent just immediately returns a failure which means you can't enable a security key in PAM for LightDM, and then use anything that uses polkit.