Syncing an authentication realm deletes user TFA keys

Oct 8, 2021
I'm currently implementing multi-factor authentication throughout our network. We plan to use YubiKeys in various ways and wanted to use Yubico OTP for our authentication realm in PVE. This authentication realm synchronizes users and groups from an OpenLDAP server. After setting up Yubico OTP for this authentication realm and adding my Key ID to my user object, I could log in without any issues. Since PVE doesn't automatically sync authentication realms (which still baffles me), we have set up a cron job to do this periodically. After the latest sync, I couldn't log in anymore and noticed that the personal Key ID had been removed from my user object. This also happens when a user adds personal TFA with U2F, for example. TFA simply gets set to 'No' after each sync. This also happens when I synchronize the realm manually through the GUI.

How can I prevent this?
 
