TFA with 60 sec timer

dw4pres

Dec 29, 2023
Hello! I've been trying to figure out how to add a hardware TOTP token that has a 60 sec timer. The simple solution would be to buy the correct periodicity, but I was hoping someone may have already done this.

Things I've tried:
- Added the token via the TFA GUI -> doesn't work since that only supports 30 sec.
- Added the secret key to the user and updated the pve realm to use oath (with 60 sec timer) -> it never pops up with a TFA prompt.
- Verified user.cfg and domains.cfg are updated.
- Attempted to manually update tfa.cfg with a TOTP entry, but all it did was error out the interface.

Thanks in advance for any help!
 
Hi, the GUI indeed does not support creating a TOTP factor with a 60 sec period, but you can try adding such a second factor manually via the API or pvesh using an otpauth:// URI. I used the example URI from [1] with an extra &period=60:
Code:
pvesh create /access/tfa/USER@REALM --type totp --description DESCRIPTION --totp 'otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example&period=60' --value CURRENT_OTP
You'll need to fill in USER, REALM, DESCRIPTION and CURRENT_OTP accordingly.

I was then able to log into the web GUI with that second factor.

[1] https://github.com/google/google-authenticator/wiki/Key-Uri-Format
 
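The period mismatch discussed in this thread, as an added example (not part of either post and not Proxmox code): it builds the `otpauth://` URI with `period=60` and computes the RFC 6238 code that could be passed as `--value`, and it shows that a 30 sec verifier derives a different counter from the same secret. It assumes the token uses HMAC-SHA1 and 6 digits (the Key URI format defaults); the function names `totp` and `otpauth_uri` are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote, urlencode


def totp(secret_b32, period=60, digits=6, at=None):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret and a given time step."""
    # Base32 secrets are often printed with spaces or without padding; normalise.
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    now = time.time() if at is None else at
    # The only difference between a 30 sec and a 60 sec token is this divisor.
    counter = int(now) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def otpauth_uri(label, secret_b32, issuer, period=60):
    """Build a Key URI Format string carrying an explicit period parameter."""
    query = urlencode({"secret": secret_b32, "issuer": issuer, "period": period})
    return f"otpauth://totp/{quote(label, safe=':@')}?{query}"


if __name__ == "__main__":
    secret = "JBSWY3DPEHPK3PXP"  # example secret taken from the URI in the answer
    print(otpauth_uri("Example:alice@google.com", secret, "Example"))
    print("60 sec code:", totp(secret, period=60))
    print("30 sec code:", totp(secret, period=30), "(what a 30 sec verifier expects)")
```

Comparing the 60 sec output with the code shown on the hardware token is a quick way to confirm the secret and period before registering the factor.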