Disable two factor authentication (2FA Google, Yubikey , Access Keyword, DUO)
How do I disable Two Factor Authentication ( 2FA ) for the admin user and others?
For Ezeelogin Version 7 and above
1. To disable two factor authentication ( 2FA ) for admin user, run the following commands.
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1"
You can also disable the duo for admin user by running the following command :
root@localhost:~ php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set set_duo=0 where id=1"
2. To disable Force Two factor authentication for all users, run the following command.
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
3. To disable Two factor authentication ( 2FA ) for all users ,run the following command.
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where(name='enable_access_keyword' OR name='enable_google_authenticator' OR name='enable_yubikey' OR name='enable_duo')"
To clear Two factor Authentication for all users, run the following command.(All users need to reconfigure two factor authenticator after clearing it)
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0"
4. To disable Force two factor authentication ( 2FA ) for user group , run the following command.
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php " update prefix_usergroups SET force_tfa = 'N' where name = 'usergroup_name'"
Note: Replace the 'usergroup_name' with your user group .
Abbreviations:
eak = Access Keyword
eyk = Yubikey
egs = Google Authenticator
set_duo = DUO 2FA
For Ezeelogin Version 6 and below
1. Find database name and database prefix from /usr/local/etc/ezlogin/ez.conf in ezeelogin gateway server.
root@jumpserver:~# cat /usr/local/etc/ezlogin/ez.conf
system_folder /var/www/ezlogin/
force_https yes
uri_path /
db_host localhost
db_port /var/run/mysqld/mysqld.sock
db_name ezlogin_por
db_user ezlogin_cxy
db_pass ymhbtPaY)VzD2g]84
db_prefix casmbn_
cookie_encryption_key D8$Frp5fF_FF
cookie_name rlbup
cookie_path /
www_folder /var/www/html/ezlogin/
admin_user ezadmin
mysql_encrypt no
2. Login to mysql command prompt
Replace the "db_user" & "dn_name" with values in /usr/local/etc/ezlogin/ez.conf of your ezeelogin jump server.You can find the db password as "db_pass" in /usr/local/etc/ezlogin/ez.conf of your ezeelogin jump server.
root@jumpserver:~# mysql -u db_user -p db_name
4. Run the following command to two factor authentication ( 2FA ) for admin user
Replace " dbprefix_" with the value of dbprefix_ in /usr/local/etc/ezlogin/ez.conf of your ezeelogin jump server. For example " dbprefix_settings " is to be replaced with " casmbn_settings " here.
UPDATE dbprefix_settings SET value = 0 WHERE name = 'two_factor_auth' ;
UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=NULL where id=1;
Run the following command two factor authentication ( 2FA ) for all users.
UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0;
you have to use correct db_name and dbprefix from ez.conf if you are running the mysql commands manually.
