How to remove 2FA?

SpiceDenver · June 9, 2020, 2:35pm

NethServer Version: 7.3.2003
Module: Base

My users are really, really bad. How can I entirely remove the option of 2FA from the server?

stephdl · June 9, 2020, 5:01pm

Each user stores the key inside his home

rm -f /var/lib/nethserver/home/*/.2fa.secret
signal-event otp-save

https://docs.nethserver.org/en/latest/base_system2.html?highlight=otp#emergency-recovery

SpiceDenver · June 9, 2020, 9:16pm

No, I mean, on the password reset page, there’s a section for 2FA and I don’t want them to have the ability to use, set, or be confused by the 2FA. I need it 100% disabled.

stephdl · June 10, 2020, 8:41am

Hum…this has not been taken into account…each is free to use or not. We have not thought on it.

For those who use it, you can make a cron to remove the key each night

SpiceDenver · June 10, 2020, 2:19pm

Ok. My users are incredibly poor on this and I’d rather NOT have the section show at all.

Thanks for the reply.

stephdl · June 10, 2020, 3:05pm

What do you think @giacomo @davidep ?

giacomo · June 11, 2020, 6:39am

Sorry, but there isn’t an option to hide that part.

To enable 2FA you need the validation step, poor users should not be able to complete it.
If they enable it, for sure they will be able to use it.