enabled OTP and now locked out

Question

Hi there,

Does anyone know how to disable the OTP requirement when it has been set on accounts through a recovery process?  I enabled and tested OTP for my admin accounts and verified they were working with Feitian C200 tokens but today I can't log in.  I can do a password recovery on the console and reset the admin password but still can't log in. I'm guessing that the OTP has lost sync somehow so even a passowrd recovery doesn't fix the problem.  Now I'm locked out of the GUI so any help would be great.

Is there a way, through a recovery process, to disable the need for the OTP even temporarily?

[:S]

This thread was automatically locked due to age.

UrsWeiss · Answer

If you can log in with loginuser and the root password is working (as it seems because you did a password reset) you can disable OTP as follows:

Login as "loginuser" and enter "su -" to become root.

Then enter these four commands:
- cc
- auth
- otp
- facilities@

You will see a list of services where OTP is enabled. Differs depending on your selection in the WebADmin (f.ex.):
0 webadmin
1 portal
2 ipsec
3 openvpn

You want to disable OTP for WebAdmin. So, in this case "0"

Enter "-0" (or what "webadmin" is in your case, with the minus in front of the number).

Not sure anymore if you have to save it (w ).

Now you should be able to log in again.