
2FA enabling for admin account

Steve Shipway 6 years ago updated by Alberic ALEXANDRE 6 years ago 3

Currently, by design, the 2FA login (if enabled) does not apply to the Admin account(s).  These authenticate with a local password and no 2FA.


However, this is less secure, particularly since this is an admin account.


I would like to be able to (optionally) enable 2FA for admin accounts as well as for the normal local or LDAP users, so that we can have optimum security.  Thus, once we have 2FA working, I can flip a configuration switch and view the QR code for admin, and then need to use the 2FA for admin logins from that point forwards.

Hi,


You can edit the file "sources/identify.php" and replace:

if (isset($_SESSION['settings']['google_authentication']) && $_SESSION['settings']['google_authentication'] == 1 && $username !== "admin") {


with


if (isset($_SESSION['settings']['google_authentication']) && $_SESSION['settings']['google_authentication'] == 1) {


And after that it works.

Yes, I think that works (will try it next week).  It would be better to have this as a user-configurable option though, rather than having to modify the code.

Sure, it will be better, but I'm not a TeamPass developer :( I fixed only this issue.
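
The configurable switch requested in this thread, sketched as an added example that is not part of the thread and not TeamPass code: it replaces the hard-coded `$username !== "admin"` exemption with an opt-in setting. The setting name `google_authentication_admin` and the function `twoFactorRequired` are hypothetical; `google_authentication` is the key quoted above.

```php
<?php
// Added example, not TeamPass code. 'google_authentication_admin' is a
// hypothetical setting name; 'google_authentication' is the key from the thread.

/**
 * Decide whether a login must pass the 2FA step.
 */
function twoFactorRequired(array $settings, string $username): bool
{
    // 2FA is globally off (or unset): nobody is challenged.
    if ((int) ($settings['google_authentication'] ?? 0) !== 1) {
        return false;
    }
    // Ordinary users are always challenged once 2FA is on.
    if ($username !== 'admin') {
        return true;
    }
    // Admin: challenged only when the (hypothetical) opt-in switch is set,
    // so the default matches the current by-design behaviour.
    return (int) ($settings['google_authentication_admin'] ?? 0) === 1;
}

// Constructed settings to show each outcome.
$cases = [
    ['2FA off',              ['google_authentication' => 0], 'admin'],
    ['2FA on, user',         ['google_authentication' => 1], 'alice'],
    ['2FA on, admin exempt', ['google_authentication' => 1], 'admin'],
    ['2FA on, admin opt-in', ['google_authentication' => 1,
                              'google_authentication_admin' => 1], 'admin'],
];

foreach ($cases as [$label, $settings, $user]) {
    $result = twoFactorRequired($settings, $user) ? '2FA required' : 'password only';
    printf("%-22s %-6s => %s\n", $label, $user, $result);
}
```

The opt-in should only be switched on once the admin account has scanned its QR code, which is the enrolment step the original request describes.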