In T270823#6711836, @Urbanecm wrote:Hmm, who can revoke OTRS 2FA? Does it require shell access?
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Dec 25 2020
Dec 25 2020
Sep 19 2020
Sep 19 2020
ElHef updated the task description for T263328: Agents can view watched tickets outside of assigned queues.
In T263328#6476423, @Krenair wrote:This worked in the past on OTRS 5 with e.g. oversight queues. I assumed it
was deliberate - the most sensitive part of a ticket is almost always going
to be the first article and in this case the agent has already seen it.
In T263328#6476414, @Kb03 wrote:In OTRS 5 you could do the same thing with certain queues. I had a ticket get moved to permissions and I could still view and interact with it.
Sep 18 2020
Sep 18 2020
As another issue I see with this, the shared secret stays openly viewable in my preferences after being set. It's right below the password change fields, which ask for a 2FA token (presumably as a security check). Rather defeats the purpose of asking for that if you can just grab the secret and generate a code...
Sep 17 2020
Sep 17 2020
I was able to set it up in Google Authenticator without issue and it seems to be behaving. (Wouldn't let me log in with a blank or wrong code, and did let me log in with the right one.) It is somewhat confusing and fairly easy to mess up though. Agree with previous comment about documenting and communicating about the blank 2FA field when logging in. Manual entry of the shared secret seems like it would be fairly easy to accidentally brick your account, especially since I'm not seeing anywhere that it generates scratch codes.
Sep 16 2020
Sep 16 2020
As would I, just say the word
Jul 9 2019
Jul 9 2019
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL