I've been wondering how to do this also in an easy way. ie just force re-enrollment to allow a new device or second device.
can anyone expand on this script to just have a select based on the username i need. instead of just guessing the user_id :) . for now i just did a manual few lines to get it done. mysql> select * from guacamole_user_attribute; mysql>update guacamole_user_attribute set attribute_value='false' where attribute_name='guac-totp-key-confirmed' and user_id=2 danielm ====== You would need to remove the "guac-totp-key-secret" and "guac-totp-key-confirmed" attributes for the user in question. The database authentication backends will store these within the "guacamole_user_attribute" table. Alternatively, I believe you could set "guac-totp-key-confirmed" to "false" to force re-enrollment without changing the secret. The user will then see the enrollment barcode, etc. when they next attempt to log in. - Mike ====== From: "Genotix" <[email protected]> To: [email protected] Date: 06/19/19 02:57 AM Subject: Re: TOTP reset Mike, just to add up onto your reply and to help out any other people looking into this. Replace the *[USER]* part with the username and you'll be able to "reset" the TOTP question: -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
