homed different login if configured 2FA is no present, depending on PIN entry #25875

Open
schaarsc opened this issue Dec 27, 2022 · 1 comment
Labels
bug 🐛 Programming errors, that need preferential fixing homed homed, homectl, pam_homed


schaarsc commented Dec 27, 2022

systemd version the issue has been seen with

254

Used distribution

No response

Linux kernel version used

No response

CPU architectures issue was seen on

None

Component

systemd-homed

Expected behaviour you didn't see

it should not make a difference for the fallback login flow, whether a PIN was entered or not

Unexpected behaviour you saw

Steps to reproduce the problem

0. create user

```
sudo homectl create --storage=luks --fs-type=btrfs \
--fido2-device=auto --fido2-with-client-pin=yes --fido2-with-user-presence=no --recovery-key=yes \
--image-path=/dev/disk/by-id/usb-_-0:0  testUser
```

1. missing token

```
su - testUser
Passwort: 
Security token PIN: <enter something>
Security token of user testUser not inserted.
Try again with password: 
--> OK, login without 2FA using password as fallback
```

2. empty token pin

```
su - testUser
Passwort: 
Security token PIN: <press return without pin>
su: warning: cannot change directory to /home/testUser: permission denied
-bash: /home/testUser/.bash_profile: permission denied
```

Expected

  • use the password as fallback

Additional program output to the terminal or log subsystem illustrating the issue

No response

@schaarsc schaarsc added the bug 🐛 Programming errors, that need preferential fixing label Dec 27, 2022
@github-actions github-actions bot added the homed homed, homectl, pam_homed label Dec 27, 2022
schaarsc (Author) commented:

Found an older issue about using password as fallback: #19872

Assuming that most people would like to have the fallback, it would be nice to mention this, maybe in the man page.

Except for the fallback part, the rest of the original post is still valid for v254. The login flow is different when "Security token PIN" is empty and when "Security token PIN" is not empty. I will edit the issue accordingly.

@schaarsc schaarsc changed the title homed should abort login if configured 2FA is no present homed different login if configured 2FA is no present, depending on PIN entry Jan 10, 2024