I was wondering if anyone else has some better ways to find and reset their TOTP users, other than just deleting them, i.e. when someone lost/broke a phone. For now it seems there is no interface to do this (1.0.0). This is what I have been doing; any better ways? This is with the TOTP plugin and a MySQL database.
1) - Find out the user_id of the person in question. Since I guess I don't have 10000 users this seems OK. It's a report that shows the name and user id along with if they are disabled and if they have enrolled yet or never even tried (NULL). This is good to know if a bunch of users have not bothered yet, as until they enroll the account is open to hack. (Forgive the messy MySQL.)

    -- One row per user: name, user_id, TOTP confirmed flag (NULL = never enrolled), disabled
    select t1.name, t2.user_id, t3.attribute_name, t3.attribute_value, t2.disabled
    from guacamole_entity t1,
         guacamole_user t2
         left join guacamole_user_attribute t3 on t2.user_id = t3.user_id
    where t1.entity_id = t2.entity_id
      and ( t3.attribute_name = 'guac-totp-key-confirmed' or t3.attribute_name IS NULL );

2) - Update the Confirmed parameter so it prompts again. Not sure if this is the best way. Maybe it still means their 'codes' will be the same as before. It's probably best to also erase the secret key part but I don't do that here yet.

    update guacamole_user_attribute
    set attribute_value = 'false'
    where attribute_name = 'guac-totp-key-confirmed'
      and user_id = 2;
    -- and that should end up with 1 row only changed!

    Query OK, 1 row affected (0.03 sec)
    Rows matched: 1 Changed: 1 Warnings: 0

and I guess you could do this before and after to see the changes...

    select * from guacamole_user_attribute where user_id = 2;

/danielm
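The post leaves the stored secret in place. As an added example (not part of the original post, and not code from the Guacamole project), here is one way to reset enrollment so the old secret is discarded as well. Assumptions: the username 'jdoe' is constructed, the secret is stored under the attribute name guac-totp-key-secret, and the TOTP extension generates a fresh key and prompts for enrollment when no secret is stored for the user.

```sql
-- Added example (MySQL, Guacamole 1.0.0 JDBC schema assumed).
-- 'jdoe' is a constructed username; replace it with the affected account.
SET @uid = NULL;            -- clear any stale value from an earlier session
START TRANSACTION;

-- Resolve the username once so every statement below targets the same user.
-- If no user matches, @uid stays NULL and the DELETE below touches nothing.
SELECT u.user_id INTO @uid
FROM guacamole_entity e
JOIN guacamole_user u ON u.entity_id = e.entity_id
WHERE e.name = 'jdoe' AND e.type = 'USER';

-- Before: show the TOTP attributes without printing the secret itself.
SELECT attribute_name,
       IF(attribute_name = 'guac-totp-key-secret',
          '<hidden>', attribute_value) AS shown_value
FROM guacamole_user_attribute
WHERE user_id = @uid
  AND attribute_name LIKE 'guac-totp-key-%';

-- Remove the secret and the confirmed flag together, so codes from the
-- lost phone stop being valid (assumption: a new key is generated on the
-- user's next login because no secret is stored).
DELETE FROM guacamole_user_attribute
WHERE user_id = @uid
  AND attribute_name IN ('guac-totp-key-secret', 'guac-totp-key-confirmed');

-- Expect 2 for an enrolled user, 0 for one who never enrolled.
SELECT ROW_COUNT() AS rows_deleted;

-- After: should return no rows for this user.
SELECT attribute_name
FROM guacamole_user_attribute
WHERE user_id = @uid
  AND attribute_name LIKE 'guac-totp-key-%';

-- Issue ROLLBACK instead if rows_deleted is not what you expected.
COMMIT;
```

Until the user logs in and completes enrollment again, the account is protected by its password only, so the reset is best done while the user is ready to re-enroll.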
