From da535ef5697f6ce87a7f34ff185e4df239e6af63 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Fri, 14 Oct 2022 20:00:25 +0200
Subject: login: 2fa: T874: fix Google authenticator issues

Move default values of TOTP configuration from a global to a per user setting.
This makes the entire code easier as no global configuration must be blended
into the per user config dict.

Also it should be possible to set the authentication window "multiple concurrent
keys" individual per user.

set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq'
set system login user vyos authentication plaintext-password 'vyos'
---
 data/templates/login/pam_otp_ga.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'data')

diff --git a/data/templates/login/pam_otp_ga.conf.j2 b/data/templates/login/pam_otp_ga.conf.j2
index 4c1f411d1..cf51ce089 100644
--- a/data/templates/login/pam_otp_ga.conf.j2
+++ b/data/templates/login/pam_otp_ga.conf.j2
@@ -1,5 +1,5 @@
 {% if authentication.otp.key is vyos_defined %}
-{{ authentication.otp.key }}
+{{ authentication.otp.key | upper }}
 " RATE_LIMIT {{ authentication.otp.rate_limit }} {{ authentication.otp.rate_time }}
 " WINDOW_SIZE {{ authentication.otp.window_size }}
 " DISALLOW_REUSE
-- 
cgit v1.2.3