mricon/totp-cgi

Add a way to re-encrypt the token

mricon opened this issue · 3 comments

We currently have a way to encrypt the token using totpprov, but not a way to re-encrypt it in case the pincode (password) is changed. It should be a trivial addition and will make password changes by admins less problematic.

Would this be similar to allowing a user to remove their token if need be? I can see how in my environment people may change phones and switch authenticators incorrectly, and it would be nice if they could redo their account without much interaction from the admin (me).

No, that's not the same thing, though it's something I definitely need to provide. Please feel free to open another issue to request that feature.

Added decrypt-user-token support, so effectively this is a two-step operation.