Bug #195
Additional accounts don't get 2FA setup properly
| Status: | New | Start: | 2021-04-23 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| Votes: | 0 |
Description
The two factor authentication settings are supposed to be per-customer, i.e. the same for all VPSes operated by a given customer. However if a customer already has 2FA enabled and then they order a new VPS, the new VPS does not have the PAM settings file created properly. The result is that 2FA is demanded for all VPS accounts on login to the Panel web site, but is not demanded for SSH to the Xen Shell.
As a workaround, 2FA can be disabled and then re-enabled by the customer from the Panel site. That would force a re-deploy of the relevant configuration to all accounts.
The proper fix is add the deploy of this configuration to the VPS setup script if the customer has 2FA enabled.