OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: nlaird80 on September 06, 2016, 10:02:30 pm

Title: TOTP GUI restriction for Users
Post by: nlaird80 on September 06, 2016, 10:02:30 pm
We allow our users of VPN to sign into the management GUI and only access the password management page. This lets them self-service a password change. What we would also like to allow is self-service for TOTP seeds (at a minimum the ability to get their QR). I cannot determine if there is already a permission in the access-control.

Any way to allow self-service for this? I would even be willing to accept self-service to their own account management page (but not other users').

Thanks!
Title: Re: TOTP GUI restriction for Users
Post by: franco on September 19, 2016, 12:45:46 am
Hi there,

At the moment there is no "profile" page for users that is tailored for read-only access of their settings.

I don't know what the best place would be for such a feature and what other data it should display.

Aiming for a simple solution... maybe showing the QR code on the password change page would be enough if the user has an OTP seed assigned?


Cheers,
Franco
Title: Re: TOTP GUI restriction for Users
Post by: nlaird80 on September 21, 2016, 09:02:22 pm
That would most likely be enough. We just want users to be able to change their own passwords and/or get their QR code without the admin manually distributing them all (50+).
Title: Re: TOTP GUI restriction for Users
Post by: franco on September 21, 2016, 09:17:25 pm
I've recorded this as ticket https://github.com/opnsense/core/issues/1197 just now, thanks