OTP setup should not be allowed for multi-user accounts
|Reported by:||Nicklas Nordborg||Owned by:||Nicklas Nordborg|
|Priority:||major||Milestone:||OTP login v1.1|
Multi-user accounts are typically used for demonstration purposes and usually have limited permissions and functionality. For example, they are not allowed to change password or modify personal information.
The OTP setup functionality doesn't check this and allow all users to setup OTP. This should be changed so that multi-user accounts are not allowed to setup OTP.
This conflicts with the 'require-otp' setting and it would be impossible to setup a server that require OTP for all users and still have a multi-user account for demonstration purposes. We should change this so that the requirement is only enforced for regular user accounts.