I have created a new user account on the PVE instance. I have also added a TOTP 2FA entry for this user. If I log in as the user via the GUI login, the 2FA code works and login occurs as expected. There are two log entries generated during the login process. The first is after the username and password are sent, and the second is when the TOTP number is sent.
Code:
May 26 16:44:31 instance pvedaemon[524347]: <root@pam> successful auth for user 'apiuser@pve'
May 26 16:44:38 instance pvedaemon[524347]: <root@pam> successful auth for user 'apiuser@pve'
If I try to use the API and the TOTP is enabled, the API response is
401 authentication failure
and the following error is shown in the logs:
Code:
May 26 16:49:54 instance pvedaemon[536496]: authentication failure; rhost=::ffff:10.10.10.10 user=apiuser@pve msg=invalid tfa response
Here is the request being made:
HTTP:
POST /api2/json/access/ticket HTTP/1.1
Content-Type: application/json; charset=utf-8
Host: instance:8006
Connection: close
User-Agent: RapidAPI/4.2.2 (Macintosh; OS X/14.5.0) GCDHTTPRequest
Content-Length: 66

{"username":"apiuser@pve","password":"1234567890","otp":"678457"}
If I disable the TFA entry for this user, and POST exactly the same request as above but without the otp k/v pair, then I get a correct response with a ticket etc.
What am I doing wrong here? How can I diagnose this problem?
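As a starting point for the diagnosis asked about above, here is an added example (not part of the original post) that parses the two pvedaemon line formats quoted in the post, counts the two-step logins the poster describes for the GUI, and collects the `msg=` reason of each failure. The log lines are copied from the post; the year 2024 and the 30-second pairing window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines copied from the post above.
SAMPLE_LOG = """\
May 26 16:44:31 instance pvedaemon[524347]: <root@pam> successful auth for user 'apiuser@pve'
May 26 16:44:38 instance pvedaemon[524347]: <root@pam> successful auth for user 'apiuser@pve'
May 26 16:49:54 instance pvedaemon[536496]: authentication failure; rhost=::ffff:10.10.10.10 user=apiuser@pve msg=invalid tfa response
"""

PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pvedaemon\[\d+\]: "
OK_RE = re.compile(PREFIX + r"<[^>]+> successful auth for user '(?P<user>[^']+)'")
FAIL_RE = re.compile(PREFIX + r"authentication failure; rhost=(?P<rhost>\S+) "
                     r"user=(?P<user>\S+) msg=(?P<msg>.*)$")

def parse(text, year=2024):
    """Yield (timestamp, user, kind, detail) for each pvedaemon auth line."""
    for line in text.splitlines():
        for kind, rx in (("ok", OK_RE), ("fail", FAIL_RE)):
            m = rx.match(line)
            if m:
                # syslog timestamps carry no year; the caller supplies one (assumption)
                ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
                detail = f"{m['rhost']} {m['msg']}" if kind == "fail" else ""
                yield ts, m["user"], kind, detail

def summarize(text, window=timedelta(seconds=30)):
    """Per user: count two-step logins (two successes inside `window`) and
    collect the source address and msg= reason of every failure."""
    out = defaultdict(lambda: {"two_step_logins": 0, "failures": []})
    last_ok = {}  # user -> time of an unpaired successful auth
    for ts, user, kind, detail in parse(text):
        if kind == "fail":
            out[user]["failures"].append(detail)
        elif user in last_ok and ts - last_ok[user] <= window:
            out[user]["two_step_logins"] += 1
            del last_ok[user]
        else:
            last_ok[user] = ts
    return dict(out)

if __name__ == "__main__":
    for user, info in summarize(SAMPLE_LOG).items():
        print(user, info)
```

On the lines from the post this reports one two-step login and one failure with reason `invalid tfa response`, which separates a rejected second factor from a rejected password.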