Posted to user@guacamole.apache.org by carlog <cg...@turlock.ca.us> on 2019/09/18 14:12:12 UTC

Re: TOTP reset

I've got an issue where the first two users are working with TOTP.  The rest
of the users are not.  They successfully log in with the user name and
password, and there is no prompt for TOTP.  

Looking at the database, there are entries for guac-totp-key-confirmed=true
and guac-totp-key-secret=[key] for only user_id 1 and 2.  If I change
guac-totp-key-confirmed for my account to false, then I get the barcode
prompt after logging in, and even after entering the code, I get it again
every time I log in.  The field never changes from false to true.  If I
delete both fields for my user account, then I just log in successfully with
just user name and password.

BTW, I'm using Active Directory integration if that makes a difference.  It
is limited to users that I have in a security group.

Thanks in advance.




--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org


Re: TOTP reset

Posted by Nick Couchman <vn...@apache.org>.
On Wed, Sep 18, 2019 at 6:36 PM carlog <cg...@turlock.ca.us> wrote:

> I found out my issue, after finding vnick's post
>
> "Any users for whom you want TOTP enabled need permission to edit themselves
> (change their own password).  Else they will not be able to enroll in TOTP."
>
> Here's my issue.  The users are automatically added to Guac because they are
> members of an AD security group.  Can I set the option for "change their own
> password" to be "on" by default on all new users?

There's a PR out there and some work to be done to get users automatically
added to Guac from other extensions, but this is a really good point to
follow up on that work - users that are automatically added, whether
implicitly because of group membership or because we add that support
within the JDBC module, need to be able to get a set of default permissions
that would allow for this.  I don't think I had thought of that before.

-Nick
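
The condition discussed in this thread (accounts that log in without TOTP, or never finish enrollment, because they lack permission to edit themselves) can be audited from the database. The following is an added example, not code from the thread or from the Guacamole project; the table and column names are assumptions modeled on the Guacamole JDBC schema, and the rows are constructed sample data in an in-memory SQLite database.

```python
import sqlite3

# Assumed, simplified subset of the Guacamole JDBC tables (verify names on your install).
SCHEMA = """
CREATE TABLE guacamole_entity (entity_id INTEGER PRIMARY KEY, name TEXT, type TEXT);
CREATE TABLE guacamole_user (user_id INTEGER PRIMARY KEY, entity_id INTEGER);
CREATE TABLE guacamole_user_permission (entity_id INTEGER, affected_user_id INTEGER, permission TEXT);
CREATE TABLE guacamole_user_attribute (user_id INTEGER, attribute_name TEXT, attribute_value TEXT);
"""

# Users with no UPDATE permission on themselves, plus their TOTP confirmation state.
AUDIT = """
SELECT e.name,
       COALESCE(a.attribute_value, 'unset') AS totp_confirmed
FROM guacamole_user u
JOIN guacamole_entity e ON e.entity_id = u.entity_id AND e.type = 'USER'
LEFT JOIN guacamole_user_permission p
       ON p.entity_id = u.entity_id AND p.affected_user_id = u.user_id
      AND p.permission = 'UPDATE'
LEFT JOIN guacamole_user_attribute a
       ON a.user_id = u.user_id AND a.attribute_name = 'guac-totp-key-confirmed'
WHERE p.entity_id IS NULL
ORDER BY e.name
"""

def build_sample_db():
    """Constructed data: alice can edit herself; bob and carol (auto-added) cannot."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO guacamole_entity VALUES (?,?,?)",
                   [(1, "alice", "USER"), (2, "bob", "USER"), (3, "carol", "USER")])
    db.executemany("INSERT INTO guacamole_user VALUES (?,?)", [(1, 1), (2, 2), (3, 3)])
    db.execute("INSERT INTO guacamole_user_permission VALUES (1, 1, 'UPDATE')")
    db.executemany("INSERT INTO guacamole_user_attribute VALUES (?,?,?)",
                   [(1, "guac-totp-key-confirmed", "true"),
                    (2, "guac-totp-key-confirmed", "false")])
    return db

def users_unable_to_enroll(db):
    """Return (username, confirmed state) for users lacking self-UPDATE permission."""
    return db.execute(AUDIT).fetchall()

if __name__ == "__main__":
    for name, state in users_unable_to_enroll(build_sample_db()):
        print(f"{name}: no self-UPDATE permission, guac-totp-key-confirmed={state}")
```

A row with state `false` matches the repeated barcode prompt described in the first message, and `unset` matches the login with no TOTP prompt at all.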

Re: TOTP reset

Posted by carlog <cg...@turlock.ca.us>.
I found out my issue, after finding vnick's post

"Any users for whom you want TOTP enabled need permission to edit themselves
(change their own password).  Else they will not be able to enroll in TOTP."

Here's my issue.  The users are automatically added to Guac because they are
members of an AD security group.  Can I set the option for "change their own
password" to be "on" by default on all new users?

Thanks!


