On Mon, Feb 18, 2019 at 10:47 AM Benjamin Griese <[email protected]> wrote:
> Hello everybody,
>
> this is kind of a duplicate of a post made by someone on guacamole-issues
> ML[1].
>
> I've set up a Guacamole system in my home environment for remote access.
> In order to make things secure, I thought I'd set up TOTP 2 factor
> authentication in conjunction with LDAP.
>
> I've found out the local guacadmin is successfully being asked for TOTP
> init.
> Even though LDAP users and even additional local users are not getting
> asked for TOTP init.
>
> I am using this docker-image in a kubernetes setup, if it does matter.
> https://github.com/oznu/docker-guacamole
>
>
> Is this a bug or a misconfigured setup?
>

This is perhaps a nuance of the configuration and how it works. First, you
need the users to exist in the database authentication module, because
that's where the TOTP information gets stored. Second, the users in the DB
module need to be allowed to update their own passwords (basically update
their own account), as that's what determines whether or not the user can
store information about themselves.

-Nick
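
The two conditions described in the reply can be audited directly in the database. This query is an added example, not part of the original thread or the Guacamole project's own code; it assumes the Guacamole 1.0.0 database schema (`guacamole_entity`, `guacamole_user`, `guacamole_user_permission`, `guacamole_user_attribute`) and counts only permissions granted directly to the user.

```sql
-- Added example: list every account in the database auth module and show
-- whether it may update itself and whether TOTP enrollment has completed.
-- Assumption: Guacamole 1.0.0 schema. Only direct grants are checked;
-- permissions inherited through user groups are not considered here.
SELECT
    e.name AS username,
    CASE WHEN p.permission IS NULL THEN 'NO' ELSE 'YES' END
        AS can_update_self,
    CASE WHEN a.attribute_value = 'true' THEN 'YES' ELSE 'NO' END
        AS totp_confirmed
FROM guacamole_user u
JOIN guacamole_entity e
       ON e.entity_id = u.entity_id
      AND e.type = 'USER'
-- Self-UPDATE: the user's own entity holds UPDATE on the user's own record.
LEFT JOIN guacamole_user_permission p
       ON p.entity_id        = u.entity_id
      AND p.affected_user_id = u.user_id
      AND p.permission       = 'UPDATE'
-- The TOTP extension records enrollment state as a user attribute.
LEFT JOIN guacamole_user_attribute a
       ON a.user_id        = u.user_id
      AND a.attribute_name = 'guac-totp-key-confirmed'
ORDER BY e.name;
```

An LDAP user who does not appear in the result has no account in the database module, and a row with `can_update_self = 'NO'` is an account that cannot store its own TOTP key.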
