On 25-04-2019 7:44 PM, brunold wrote:
>
> Hi Edward,
>
> Thanks for the reply.
> Do you have your two instances in the same NAM cluster?
>
> I opened an SR yesterday about this and Klaus told me that he guesses
> the encryption is done with a NAM cluster secret, that is different at
> the next NAM cluster.


I have 2 completely independent NAM envs pointing to the same eDir instance. When I logged in with my test account on the first env I got challenged
with the QR code and scanned it. Retried auth and I got in with the code generated by the app. I then went to the 2nd instance and got challenged for
just the code (no QR code to be scanned, so it recognized that the user was already enabled for TOTP) and provided the code from the app and was
authenticated.

On the totp class in each env I configured:
SECRET_STORE_CLASS USERSTORE
SECRET_LDAP_ATTRIBUTE_NAME auxTOTP

The value doesn't appear to be encrypted, to be honest. I think it's just a random seed generated which makes your TOTP tokens unique.


--
Cheers,
Edward