TOTP GUI restriction for Users

Started by nlaird80, September 06, 2016, 10:02:30 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 06, 2016, 10:02:30 PM
We allow our users of VPN to sign into the management GUI and only access the password management page. This lets them self-service a password change. What we would also like to allow is self-service for TOTP seeds (at a minimum the ability to get their QR). I cannot determine if there is already a permission in the access-control.

Any way to allow self-service for this? I would even be willing to accept self service to their own account management page (but not other users')

Thanks!
September 19, 2016, 12:45:46 AM #1
Hi there,

At the moment there is no "profile" page for users that is tailored for read-only access of their settings.

I don't know what the best place would be for such a feature and what other data it should display.

Aiming for a simple solution... maybe showing the QR code on the password change page would be enough if the user has an OTP seed assigned?


Cheers,
Franco
September 21, 2016, 09:02:22 PM #2
That would most likely be enough. We just want users to be able to change their own passwords and/or get their QR code without the admin from manually distributing them all (50+).
September 21, 2016, 09:17:25 PM #3
I've recorded this as ticket https://github.com/opnsense/core/issues/1197 just now, thanks
Print
Go Up Pages1
User actions