Opened 6 years ago
Closed 6 years ago
#1062 closed enhancement (fixed)
OTP setup should not be allowed for multi-user accounts
Reported by: | Nicklas Nordborg | Owned by: | Nicklas Nordborg |
---|---|---|---|
Priority: | major | Milestone: | OTP login v1.1 |
Component: | net.sf.basedb.otp | Keywords: | |
Cc: |
Description
Multi-user accounts are typically used for demonstration purposes and usually have limited permissions and functionality. For example, they are not allowed to change password or modify personal information.
The OTP setup functionality doesn't check this and allows all users to set up OTP. This should be changed so that multi-user accounts are not allowed to set up OTP.
This conflicts with the 'require-otp' setting and it would be impossible to set up a server that requires OTP for all users and still have a multi-user account for demonstration purposes. We should change this so that the requirement is only enforced for regular user accounts.
Change History (2)
comment:1 by , 6 years ago
comment:2 by , 6 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
(In [4946]) References #1062: OTP setup should not be allowed for multi-user accounts
The OTP setup wizard now checks if the account is a 'multi-user' account before allowing the setup.
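An added sketch of the policy interaction this ticket describes (not code from the net.sf.basedb.otp extension): it compares enforcing 'require-otp' for every account with enforcing it for regular accounts only, and flags accounts that would be locked out. All class, method and enum names are hypothetical, the step taken for a regular account without OTP is an assumption, and records need Java 16 or later.

```java
import java.util.List;

// Hypothetical model of the policy; no name here comes from net.sf.basedb.otp.
public class OtpPolicyDemo {

    enum LoginStep { PASSWORD_ONLY, PROMPT_FOR_OTP, MUST_SET_UP_OTP }

    // Constructed account record holding only the facts the policy looks at.
    record Account(String login, boolean multiUser, boolean otpConfigured) {}

    // Setup wizard gate: shared multi-user accounts may not enrol.
    static boolean maySetupOtp(Account a) {
        return !a.multiUser();
    }

    // exemptMultiUser=false: 'require-otp' applies to every account.
    // exemptMultiUser=true:  it applies to regular accounts only.
    static boolean otpRequired(Account a, boolean requireOtp, boolean exemptMultiUser) {
        return requireOtp && !(exemptMultiUser && a.multiUser());
    }

    // Step after the password check (assumed flow, not taken from the plugin).
    static LoginStep afterPassword(Account a, boolean requireOtp, boolean exemptMultiUser) {
        if (a.otpConfigured()) return LoginStep.PROMPT_FOR_OTP;
        if (otpRequired(a, requireOtp, exemptMultiUser)) return LoginStep.MUST_SET_UP_OTP;
        return LoginStep.PASSWORD_ONLY;
    }

    // Locked out: OTP is demanded but the account is barred from setting it up.
    static boolean lockedOut(Account a, boolean requireOtp, boolean exemptMultiUser) {
        return afterPassword(a, requireOtp, exemptMultiUser) == LoginStep.MUST_SET_UP_OTP
                && !maySetupOtp(a);
    }

    public static void main(String[] args) {
        List<Account> accounts = List.of(              // constructed sample accounts
                new Account("alice", false, true),
                new Account("bob", false, false),
                new Account("demo", true, false));
        for (boolean exempt : new boolean[] {false, true}) {
            for (Account a : accounts) {
                System.out.printf("exemptMultiUser=%b %s: setup=%b step=%s lockedOut=%b%n",
                        exempt, a.login(), maySetupOtp(a),
                        afterPassword(a, true, exempt), lockedOut(a, true, exempt));
            }
        }
    }
}
```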