Opened 2 years ago

Closed 2 years ago

#1062 closed enhancement (fixed)

OTP setup should not be allowed for multi-user accounts

Reported by: Nicklas Nordborg
Owned by: Nicklas Nordborg
Priority: major
Milestone: OTP login v1.1
Component: net.sf.basedb.otp
Keywords:
Cc:

Description

Multi-user accounts are typically used for demonstration purposes and usually have limited permissions and functionality. For example, they are not allowed to change password or modify personal information.

The OTP setup functionality doesn't check this and allows all users to set up OTP. This should be changed so that multi-user accounts are not allowed to set up OTP.

This conflicts with the 'require-otp' setting and it would be impossible to set up a server that requires OTP for all users and still have a multi-user account for demonstration purposes. We should change this so that the requirement is only enforced for regular user accounts.

Change History (2)

comment:1 Changed 2 years ago by Nicklas Nordborg

(In [4946]) References #1062: OTP setup should not be allowed for multi-user accounts

The OTP setup wizard now checks if the account is a 'multi-user' account before allowing the setup.

comment:2 Changed 2 years ago by Nicklas Nordborg

Resolution: fixed
Status: new → closed

(In [4947]) Fixes #1062: OTP setup should not be allowed for multi-user accounts

Multi-user accounts can now log in with only password even if other settings say something else.
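
The two rules from this ticket (no OTP setup for multi-user accounts, and 'require-otp' enforced only for regular accounts) can be modelled as the small decision function below. This is an added example, not code from net.sf.basedb.otp or from changesets [4946]/[4947]; every class, method and field name is hypothetical, and the outcome for a regular account that has no OTP while 'require-otp' is on is an assumption, since the ticket does not state it.

```java
// Added illustration of the policy in this ticket; all names are hypothetical.
public class OtpPolicyExample {
    enum Decision { PASSWORD_ONLY, PASSWORD_AND_OTP, MUST_SET_UP_OTP }

    // Constructed account model: 'multiUser' marks a shared demonstration account.
    static final class Account {
        final String login;
        final boolean multiUser;
        final boolean otpEnrolled;
        Account(String login, boolean multiUser, boolean otpEnrolled) {
            this.login = login;
            this.multiUser = multiUser;
            this.otpEnrolled = otpEnrolled;
        }
    }

    // Rule 1: the setup wizard refuses multi-user accounts.
    static boolean maySetUpOtp(Account a) {
        return !a.multiUser;
    }

    // Rule 2: multi-user accounts log in with password only, whatever other settings say.
    static Decision loginRequirement(Account a, boolean requireOtp) {
        if (a.multiUser) {
            // Checked first so a secret enrolled before the fix cannot lock the shared account.
            return Decision.PASSWORD_ONLY;
        }
        if (a.otpEnrolled) {
            return Decision.PASSWORD_AND_OTP;
        }
        // Assumption: with 'require-otp' on, a regular account without OTP must enrol first.
        return requireOtp ? Decision.MUST_SET_UP_OTP : Decision.PASSWORD_ONLY;
    }

    public static void main(String[] args) {
        Account[] samples = {              // constructed sample accounts
            new Account("demo", true, false),
            new Account("demo-stale", true, true),  // enrolled before the setup check existed
            new Account("alice", false, true),
            new Account("bob", false, false),
        };
        for (Account a : samples) {
            System.out.printf("%-10s setup=%-5b require-otp=on:%-16s off:%s%n", a.login,
                maySetUpOtp(a), loginRequirement(a, true), loginRequirement(a, false));
        }
    }
}
```

Because the exemption bypasses a server-wide 'require-otp' setting, the multi-user flag is the attribute to review when auditing which accounts can still log in with a password alone.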
