Thanks Nick i will give that a go Richard
On Wed, 13 May 2020 at 19:24, Nick Couchman <[email protected]> wrote: > On Wed, May 13, 2020 at 12:11 PM Richard Diaz <[email protected]> wrote: > >> Hello, >> >> I am deploying guacamole to a large number of users 1000+, all is well >> and ready to launch, but i would like to turn on 2FA, i understand that i >> can do this on the GUI on an individual level but this is not realistic for >> bulk, can someone tell me what mysql database flag needs to be modified to >> trigger enrollment. >> >> > Richard, > I assume you are talking about the TOTP extension? Simply installing that > extension should prompt anyone who logs in to activate the 2FA. The only > catch is that the users need to be able to modify themselves - that is, > change their own credentials. The DB entry for this is as follows: > > guac=# SELECT * FROM guacamole_user_permission WHERE affected_user_id=4 > AND entity_id=4; > affected_user_id | permission | entity_id > ------------------+------------+----------- > 4 | READ | 4 > 4 | UPDATE | 4 > > In the above example, the user in question has ID of 4, so these entries > indicate that the user can update themselves. Basically, for each user, > you'd need to insert these two rows into the guacamole_user_permission > table that allow the user to update themselves. Note that, in my case the > user_id and entity_id match - this may not always be the case, so you need > to make sure you get the correct user_id and entity_id for the user. This > should be fairly easily doable with some SQL queries or views... > > -Nick >
