Trying to enable 2FA for my login in Garuda

Is it ok if I resurrect this one? It feels similar to an issue I had today, trying to enable 2FA for my login.

I messed up big time today - and spent the whole day troubleshooting - trying to set up 2FA/TOTP password for my user in Garuda Linux (KDE Dragonized).

Following ChatGPT instructions, I ran:

sudo pacman -S libpam-google-authenticator



Went through the script, and got the totp tested and saved to my password manager.

I also edited the system-auth file, and included the line:

auth required

What happened was that when asking for my password, trying to log in or run “sudo”, it didn’t accept my password anymore.

When asking to input a “password”, only the TOTP was accepted. But then it kept asking for a “verification code” and nothing worked there.

It was as if it forgot about my original password. I had to boot on a second distro I own, mounted the garuda drive, and edited the file back to original.

I still want to set 2fa for logins and sudo, etc. What should I have done additionally?

Thank you in advance!

You can set different user and root passwords, but not the 2FA for one user.

Like here in Forum, for login, I give my username and password, but then follow the 2FA with 6 numbers given by a generator (here vaultwarden).

Sorry for the amateurish answer, I’m a bad teacher. :smiley:

1 Like

Give a look at this Wiki article (just seen for the first time):
It seems mainly focused on ssh access, but there’s a section for Desktop Login.
Unfortunately it seems to be feasible only with GDM, not with SDDM.
This seems to be confirmed here (and somewhere else searching on the Internet):

But in this other issue there are some suggested workarounds:

It might be quite complex, but at least it is a starting pint…


Thank you so much!!!

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.