Skipping Hermes SEG Admin One-Time Password Verification

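Logging in to Hermes SEG prompted me for one-time password authentication. Since this is a test environment, I decided to disable that authentication.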

Register device

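Because I could not log in to the web console, I tried to change the setting by editing the database. It turned out that "access_control" was already "one_factor"; it was not enabled in the user's configuration.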

select * from system_users;
+----+----------+-----------------------------+-----------------+------------+-----------+--------+----------------+---------+
| id | username | password                    | email           | first_name | last_name | system | access_control | applied |
+----+----------+-----------------------------+-----------------+------------+-----------+--------+----------------+---------+
|  1 | admin    | $argon2id$v=19$m=65536,t... | abcdef@test.com | System     | User      |      1 | one_factor     |       1 |
+----+----------+-----------------------------+-----------------+------------+-----------+--------+----------------+---------+
1 row in set (0.000 sec)

Following the official documentation, I ran the script /opt/hermes/scripts/disable_authelia_2fa.sh, which edits /etc/authelia/users_database.yml, but it still had no effect.

users:
  admin:
    displayname: "System User"
    password: "$argon2id$v=19$m=65536,t..."
    email: abcdef@test.com
    groups:
      - one_factor

Finally, I edited /etc/authelia/configuration.yml, changing policy: two_factor to policy: one_factor, and then ran systemctl restart authelia, which successfully skipped the verification.

access_control:
  default_policy: deny
  rules:
    # Rules applied to everyone
    - domain: 10.0.0.201
      resources:
      - '^/admin([/?].*)?$'
      subject: "group:two_factor"
      policy: two_factor
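
A change like this made for a test environment is worth checking for before a configuration reaches production. The following is an added example, not code from the original post or from the Hermes SEG or Authelia projects: it reads access_control rules in the layout shown above and lists any rule covering /admin whose policy is not two_factor. The function names, the sample configuration (the page's rule after the edit, plus a made-up second rule) and the use of Python's `re` in place of Authelia's own regex engine are assumptions.

```python
import re
def unq(v): return v.strip().strip("'\"")   # drop surrounding YAML quotes

# Constructed sample: the page's rule after the edit, plus a made-up second rule.
SAMPLE_CONFIG = """\
access_control:
  default_policy: deny
  rules:
    - domain: 10.0.0.201
      resources:
      - '^/admin([/?].*)?$'
      subject: "group:two_factor"
      policy: one_factor
    - domain: 10.0.0.201
      resources:
      - '^/users([/?].*)?$'
      policy: two_factor
"""

def parse_rules(text):
    """Parse access_control rules written in the layout shown on this page."""
    rules, rule, in_ac, in_res = [], None, False, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"-\s+domain:\s*(.+)", line)
        if not raw[0].isspace():          # top-level key: entering or leaving the section
            in_ac, rule = line.startswith("access_control:"), None
        elif in_ac and m:                 # assumption: every rule starts with "- domain:"
            rule, in_res = {"domain": unq(m.group(1)), "resources": [], "policy": None}, False
            rules.append(rule)
        elif rule is None:
            continue
        elif line == "resources:":
            in_res = True
        elif in_res and line.startswith("- "):
            rule["resources"].append(unq(line[2:]))
        else:
            in_res = False
            key, _, value = line.partition(":")
            if key in ("subject", "policy"):
                rule[key] = unq(value)
    return rules

def weak_rules(text, path="/admin/"):
    """Rules covering `path` whose policy is not two_factor (no resources = all paths)."""
    return [r for r in parse_rules(text) if r["policy"] != "two_factor"
            and (not r["resources"] or any(re.search(p, path) for p in r["resources"]))]
```

Calling `weak_rules(open("/etc/authelia/configuration.yml").read())` on a host returns an empty list when every rule covering /admin still requires two_factor.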