Skip to Content

Disable two factor authentication (2FA Google, Yubikey , Access Keyword, DUO)

How do I disable Two Factor Authentication ( 2FA ) for the admin user and others?

For Ezeelogin Version 7 and above

 

1. To disable two-factor authentication ( 2FA ) for the admin user, run the following commands.

[email protected]:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

[email protected]:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1" 

You can also disable DUO for admin user by running the following command : 

[email protected]:~ php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set set_duo=0 where id=1" 

2. To disable Force Two factor authentication for all users, run the following command.

[email protected]:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

3. To disable  Two factor authentication ( 2FA ) for all users, run the following command.

[email protected]:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where(name='enable_access_keyword' OR name='enable_google_authenticator' OR name='enable_yubikey' OR name='enable_duo')"

   To clear Two factor Authentication for all users, run the following command.(All users need to reconfigure two factor authenticator after clearing it)

[email protected]:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0"

4. To disable Radius two factor authentication for all user, run the following command.

[email protected]:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where name='enable_radius_2fa'"

5. To disable Force two factor authentication ( 2FA ) for user group, run the following command.

[email protected]:~# php /usr/local/ezlogin/ez_queryrunner.php  " update prefix_usergroups SET force_tfa = 'N' where name = 'usergroup_name'"

Note: Replace the 'usergroup_name' with your user group

Abbreviations:
   eak                    = Access Keyword
   eyk                    = Yubikey
   egs                    = Google Authenticator
   set_duo            = DUO 2FA    
 

For Ezeelogin Version 6 and below

1. Find database name and database prefix from /usr/local/etc/ezlogin/ez.conf in ezeelogin gateway server.

[email protected]:~# cat /usr/local/etc/ezlogin/ez.conf

system_folder /var/www/ezlogin/

force_https yes

uri_path /

db_host localhost

db_port /var/run/mysqld/mysqld.sock

db_name ezlogin_por

db_user ezlogin_cxy

db_pass ymhbtPaY)VzD2g]84

db_prefix casmbn_

cookie_encryption_key D8$Frp5fF_FF

cookie_name rlbup

cookie_path /

www_folder /var/www/html/ezlogin/

admin_user ezadmin

mysql_encrypt no


2. Login to mysql command prompt

Replace the "db_user" &  "dn_name" with values in    /usr/local/etc/ezlogin/ez.conf of your ezeelogin jump server.You can find the db password as "db_pass" in  /usr/local/etc/ezlogin/ez.conf of your ezeelogin jump server.

[email protected]:~# mysql -u  db_user -p  db_name

3. Run the following command to disable  two-factor authentication ( 2FA ) for the admin user

Replace " dbprefix_" with the value of dbprefix_ in  /usr/local/etc/ezlogin/ez.conf of your ezeelogin jump server. For example " dbprefix_settings " is to be replaced with " casmbn_settings " here.

UPDATE dbprefix_settings SET value = 0 WHERE name = 'two_factor_auth' ;

UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=NULL where id=1;


4.Run the following command to disable two-factor authentication ( 2FA ) for all users.

UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0;

 

 you have to use the correct db_name and dbprefix from ez.conf if you are running the mysql commands manually.