multiOTP
commented
3 months ago Hello kitecn,
During the installation process of the multiOTP Credential Provider, you have the choice to select when 2FA is needed:
- Logon (None, Local and Remote, Only Remote, Only Local)
- Unlock (None, Local and Remote, Only Remote, Only Local)
- CredUI (None, Local and Remote, Only Remote, Only Local)
If you want to have 2FA during RDP only for Logon and Unlock, be sure to have selected:
- Logon : Only Remote
- Unlock : Only Remote
Furthermore, be sure also to have set 0 for the timeout before asking 2FA again on unlock.
Check also the text file of multiOTP Credential Provider, there is a lot of information. You will see for example the various registry entries definition (into the path HKEY_CLASSES_ROOT\CLSID{FCEFDFAB-B0A1-4C4D-8B2B-4FF4E0A3D978})
For your needs, the entries should be:
- cpus_logon: 1e
- cpus_unlock: 1e
- cpus_credui: 3d
- multiOTPTimeoutUnlock: 0
Regards, and keep us in touch !
Andre
kitecn
multiotp is very wonderful application,when i install in win server 2019,standalone without server ,using for rdp , when i first login through RDP ,the OTP LOGIN appear, disconnect the session ,connect rdp again, ,just prompt input twice windows login password,not OTP。 i try logout windows,OTP appear,when i lock windows server,just twice password need,OTP not appeared。 i want config need windows password need otp。
config file as below
multiotp-database-format-v3 ; If backend is set to something different than files, ; and backend_type_validated is set to 1, ; only the specific information needed for the backend ; is used from this config file.
encryption_hash= actual_version=5.9.7.1 admin_password_hash:= anonymous_stat=1 anonymous_stat_last_update=1714960191 anonymous_stat_random_id= attributes_to_encrypt= auto_resync=1 backend_encoding=UTF-8 backend_type=files backend_type_validated=0 cache_data=0 cache_ldap_hash=1 case_sensitive_users=0 challenge_response_enabled=0 clear_otp_attribute= console_authentication=0 create_host=dddd create_time=1714960191 debug=0 default_algorithm=totp default_dialin_ip_mask= default_pin_digits=4 default_user_group= default_request_ldap_pwd=1 default_request_prefix_pin=1 demo_mode=0 developer_mode=0 display_log=0 domain_name= email_admin_address= email_code_allowed=0 email_code_timeout=600 email_digits=6 encode_file_id=0 encryption_key_full_path= failure_delayed_time=300 group_attribute=Filter-Id hash_salt_full_path= issuer=multiOTP language=en last_failed_white_delay=60 last_sync_update=0 last_sync_update_host= last_update=1715434405 last_update_host=ddd ldap_expired_password_valid=1 ldap_account_suffix= ldap_activated=0 ldap_base_dn= ldap_bind_dn= ldap_cache_folder= ldap_cache_on=1 ldap_cn_identifier= ldap_default_algorithm=totp ldap_domain_controllers= ldap_filter= ldap_group_attribute= ldap_group_cn_identifier= ldap_users_dn= ldap_hash_cache_time=604800 ldap_in_group= ldap_language_attribute=preferredLanguage ldap_network_timeout=10 ldap_port=389 ldap_recursive_cache_only=0 ldap_recursive_groups=1 ldap_server_password:= ldap_server_type=1 ldap_ssl=0 ldap_synced_user_attribute= ldap_time_limit=30 ldap_without2fa_in_group= ldaptls_reqcert= ldaptls_cipher_suite= log=0 max_block_failures=6 max_delayed_failures=3 max_event_resync_window=10000 max_event_window=100 max_time_resync_window=90000 max_time_window=600 multiple_groups=0 ntp_server=pool.ntp.org overwrite_request_ldap_pwd=1 radius_error_reply_message=1 radius_reply_attributor= += radius_reply_separator_hex=2c radius_tag_prefix= scratch_passwords_digits=6 scratch_passwords_amount=10 self_registration=1 server_cache_level=0 server_cache_lifetime=15552000 server_secret:= server_timeout=5 server_type= server_url= sms_api_id:= sms_basic_auth=0 sms_code_allowed=1 sms_content_encoding= sms_content_success= sms_digits=6 sms_encoding= sms_header= sms_international_format=0 sms_ip= sms_message_prefix= sms_method= sms_no_double_zero=0 sms_originator=multiOTP sms_password:= sms_port= sms_provider= sms_send_template= sms_status_success= sms_timeout=180 sms_url= sms_userkey:= smtp_auth=0 smtp_password:= smtp_port=25 smtp_sender= smtp_sender_name= smtp_server= smtp_ssl=0 smtp_username= sql_server= sql_username= sql_password:= sql_database= sql_schema= sql_config_table=multiotp_config sql_cache_table=multiotp_cache sql_ddns_table=multiotp_ddns sql_devices_table=multiotp_devices sql_groups_table=multiotp_groups sql_log_table=multiotp_log sql_stat_table=multiotp_stat sql_tokens_table=multiotp_tokens sql_users_table=multiotp_users sync_delete_retention_days=30 syslog_facility=7 syslog_level=5 syslog_port=514 syslog_server= tel_default_country_code= timezone=Europe/Zurich token_serial_number_length=12 token_otp_list_of_length=6 verbose_log_prefix= sms_challenge_enabled=0 text_sms_challenge= text_token_challenge=