#6075 [RFE] Helpdesk role for managing otp tokens
Closed: wontfix 3 years ago by pcech. Opened 7 years ago by pvoborni.

Create a helpdesk role which would be able to manage OTP tokens.

Use case:

Create a User

Assign helpdesk role to that user

Now log in with the user and try to add an OTP token for any other user

Actual results:
Insufficient access

Expected results:
User member of helpdesk role should be able to manage user token

Note: Consider the security implications of such a role, described at: http://www.freeipa.org/page/V4/OTP#Helpdesk. I.e., such a role needs to be carefully designed so as not to permit helpdesk privilege escalation.


Metadata Update from @pvoborni:
- Issue assigned to someone
- Issue set to the milestone: Future Releases

7 years ago

I would expect that the helpdesk role could at least:
- check if an OTP token exists for a user ("You can't log in because you haven't set up 2FA")
- delete the token on the user's behalf ("I lost my phone")

OTP tokens managed by group would also be useful.

Metadata Update from @pcech:
- Custom field affects_doc adjusted to on
- Custom field knownissue adjusted to on
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

3 years ago
