Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2022/09/29 17:56:00 UTC

[jira] [Closed] (GUACAMOLE-1689) TOTP - add property to remove (username) from Authenticator setup

     [ https://issues.apache.org/jira/browse/GUACAMOLE-1689?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike Jumper closed GUACAMOLE-1689.
----------------------------------
    Resolution: Won't Do

> TOTP - add property to remove (username) from Authenticator setup
> -----------------------------------------------------------------
>
>                 Key: GUACAMOLE-1689
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1689
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-totp
>    Affects Versions: 1.4.0
>            Reporter: Vincent Sherwood
>            Priority: Minor
>
> When enrolling a user for TOTP, the barcode uses the text from the configured totp-issuer (or the default "Apache Guacamole") and appends " (username)" when creating the new entry in the Authenticator App. For example:
> totp-issuer DevTest
> {quote}DevTest (bloggs_joe)
> 123456
> {quote}
> This leaks valuable information (their username for the system) to anyone who might catch sight of a user's authenticator.
> For security-conscious users it would be good to add an option in the config file to hide the username:
> # totp-hideuser - Flag to hide username from generated authenticator entry. Set value to 1 to hide the username. (Default 0) 
> totp-issuer DevTest
> totp-hideuser 1
> {quote}DevTest
> 123456
> {quote}


