跳过Hermes SEG Admin One-Time Password验证

Tue, 29 Nov 2022 16:17:57 +0800

登录Hermes SEG提示要做动态口令认证，因为是测试环境，所以决定取消该认证。

因为无法登录网页控制台，所以通过修改数据库修改配置。结果发现"access_control" 是"one_factor"，用户配置并没有开启。

select * from system_users;
+----+----------+-----------------------------+-----------------+------------+-----------+--------+----------------+---------+
| id | username | password | email | first_name | last_name | system | access_control | applied |
+----+----------+-----------------------------+-----------------+------------+-----------+--------+----------------+---------+
| 1 | admin | $argon2id$v=19$m=65536,t... | abcdef@test.com | System | User | 1 | one_factor | 1 |
+----+----------+-----------------------------+-----------------+------------+-----------+--------+----------------+---------+
1 row in set (0.000 sec)

根据官网文档，执行脚本/opt/hermes/scripts/disable_authelia_2fa.sh，也就是修改/etc/authelia/users_database.yml,依然无效。

users:
 admin:
 displayname: "System User"
 password: "$argon2id$v=19$m=65536,t..."
 email: abcdef@test.com
 groups:
 - one_factor

最后修改/etc/authelia/configuration.yml 将policy: two_factor 改为 policy: one_factor 然后systemctl restart authelia成功跳过验证。

access_control:
 default_policy: deny
 rules:
 # Rules applied to everyone
 - domain: 10.0.0.201
 resources:
 - '^/admin([/?].*)?$'
 subject: "group:two_factor"
 policy: two_factor

Hermes_seg on HiDa

跳过Hermes SEG Admin One-Time Password验证