[Koha-bugs] [Bug 28786] Two-factor authentication for staff client - TOTP
bugzilla-daemon at bugs.koha-community.org
Thu Sep 9 04:16:50 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28786
--- Comment #24 from David Cook <dcook at prosentient.com.au> ---
If we look at Red Hat's FOSS Identity Management system Keycloak, we can see
that they do store credentials separately to the user_entity table.
https://www.keycloak.org/docs/latest/server_admin/#_user-credentials
http://htmlpreview.github.io/?https://gist.githubusercontent.com/thomasdarimont/b1c19da5e8df747b8596e6ddcda7e36f/raw/29309467f4ea07519cf614fd74943272e7d939f4/keycloak_db_overview_4.0.0.CR1-SNAPSHOT.svg
They store both passwords and one-time passwords using that table.
I don't know about Keycloak for sure, but it's common for applications to store
multiple OTPs to give users a margin of error. For instance, with AWS and
Google Authenticator, you can use the current code or the past 1-2 codes I
believe. Using a separate credential table would make that easier.
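The margin of error described in the comment above, as an added example that is not code from Koha, Keycloak or the bug thread: RFC 6238 TOTP verification that accepts the current code or the previous two, with the last accepted time step kept on the credential record so a code cannot be replayed. The `cred` dictionary and its `last_step` field are hypothetical stand-ins for one row of a separate credential table; the secret is the RFC 4226 test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)

# Constructed sample: the RFC 4226 test secret, Base32-encoded as an
# authenticator app would receive it.
SAMPLE_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter, using HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(cred: dict, submitted: str, now: float, past_steps: int = 2):
    """Accept the current code or up to `past_steps` older ones.

    `cred` is a hypothetical credential row:
    {"secret_b32": str, "last_step": int}. Returns the matched time step,
    or None. Each step is accepted once, and nothing at or before the last
    accepted step is accepted again.
    """
    secret = base64.b32decode(cred["secret_b32"])
    current = int(now) // STEP
    for step in range(current, current - past_steps - 1, -1):
        if step <= cred["last_step"]:
            break  # this step and all older ones are already consumed
        expected = hotp(secret, step).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            cred["last_step"] = step  # persist with the credential row
            return step
    return None


if __name__ == "__main__":
    row = {"secret_b32": SAMPLE_SECRET_B32, "last_step": -1}
    print(verify_totp(row, "287082", now=95))  # code from two steps ago
    print(verify_totp(row, "287082", now=95))  # same code replayed
```

Widening `past_steps` trades convenience for a longer period in which an observed code remains usable, which is why the last accepted step is stored per credential.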