On Tue, Apr 13, 2021 at 11:07 AM Allen Chen <[email protected]> wrote:
> Hi there,
>
> I have upgraded Guacamole from 1.1.0 to 1.2.0 without any issues.
> I just compiled guacamole-server-1.2.0 and replaced
> guacamole-auth-jdbc-mysql, guacamole-auth-totp and guacamole-1.2.0.war.
>
> But now with 1.2.0, TOTP is activated for every user in DB.
> In 1.1.0, we can control this by setting "Change own password".
> Is there a way to change this behavior back? So we have an option to
> activate TOTP on some users.
>

Yes, in version 1.2.0 we changed how extensions interact with other extensions, essentially giving extensions like TOTP the ability to interact with the database without the user having to have explicit permissions. This was an intentional change, and the prior behavior - where TOTP did not work unless the user had "Change own password" option - was never designed to be a feature, it was just a byproduct of how it was previously implemented.

There is currently a JIRA issue that aims at allowing TOTP to be enabled/disabled based on group membership, but that is not implemented today, so there's currently no work-around or way to restore the functionality you saw in 1.1.0.

https://issues.apache.org/jira/browse/GUACAMOLE-1219

-Nick
