Four eyes feature

Issue #481 resolved
Former user created an issue

Implement a feature that the login is restricted to "four eyes". That means a login is only possible if two users (e.g. Administrator and Auditor) log in at the same time.

Comments (22)

  1. thooge

    No.

    There should be an option where both users must sit in front of the screen and both must enter the password. A login screen with two users and two passwords. In the highest security mode one administrator alone is not allowed to access the system.

  2. Janos SUTO repo owner

    OK, I see. Is it for 'super users' (=auditor users) only, or would even a regular user be restricted with this feature? Note that administrator is not to be used for searching, since they have no such elevated rights; rather they should be used only for administering, configuring piler, etc., but not for searching.

  3. thooge

    At first sight I would say a regular user has access to its own mails. That's fine.

    The four eyes feature should apply to administrators and auditors: An auditor is only allowed to login together with an administrator.

    A second feature could be: An administrator is only allowed to login with a second administrator.

  4. Janos SUTO repo owner

    OK, thanks for clarifying, it makes sense. I'll let you know when the feature is ready to test.

  5. Karsten Bandlow

    We use such a feature with a split password. Both users know only their part of the password.

  6. Janos SUTO repo owner

    Actually this is quite a good idea, at least in the sense that it's already usable. Though there's one drawback: someone has to know the complete (=both parts) password. Anyway, if thooge accepts it, then we are done here.

  7. thooge

    For the split password there must be exactly 2 well-known persons who share the password. It does not fit the situation where, from a set of <n> persons, <m> (with m <= n) must be logged in together, which is the most complicated use-case.

    To make it just a little bit more complicated: perhaps someone wants the feature "if there are the groups administrators and auditors, one person must be of the group administrators and another person member of auditors". Ok, that would be "advanced configuration" ;-)

    @Jutso: I don't think anyone must know the whole split password. If a new password is needed, both persons must be there and each of them enters his part.

    So finally I can use the workaround for now, but it would be nice to have such a feature in the future. Perhaps don't close the ticket but set it to lower priority.

  8. Janos SUTO repo owner

    OK, then I'll redesign the session data of the authenticated user to prevent the 2nd auth session taking over. I'll add a new config option, and if it's set and an auditor tries to login, then it redirects the page to another login form where an admin can also type his auth credentials.

  9. Janos SUTO repo owner

    I've just updated the master branch, please check out the 4eyes feature. To enable it set the following in config-site.php:

    $config['FOUR_EYES_LOGIN_FOR_AUDITOR'] = 1;
    

    Then after you login as auditor, you have to type an admin account as well.

  10. eggi

    Hi jsuto!

    What is the procedure to install the update? So I can give you feedback on the new feature.

    thanks

    Chris

  11. Janos SUTO repo owner

    If you have 1.1.0, then download the master branch (see the download section), and update (=overwrite) the gui.

  12. eggi

    The issue is the combination of 4eyes auth and IMAP server auth. If I switch off the IMAP server auth, the 4eyes auth works, but not in combination.

  13. thooge

    I have a standard installation and it seems to work. Thank you very much :-) There is a minor improvement possible: Please add a cancel button to the second login. If the first login was successful there seems to be no way back to abort the login process and restart again.

  14. Janos SUTO repo owner

    @thooge: ok, I've added a cancel button which redirects you to logout.php, and allows you to start it over.

    @ceggi: I'm confused how the imap login attempt interferes with the 4eyes feature. Both auditor and admin accounts should exist only in the local piler database. Please describe what happens when you turn on both 4eyes and imap auth.

  15. eggi

    If I activate both: auditor login, the system switches to the 4eyes procedure (2nd login), and when I use the auditor login again, the system lets me in. So this is not 4eyes auth, except I'm wearing glasses ;-)

  16. Janos SUTO repo owner

    I can't reproduce it. Check if you have the following line in controler/login/foureyes.php:

    syslog(LOG_INFO, "user " . $data2['username'] . " is not an admin user");
    

    If not, then download the master branch again, and update the gui files.
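    The two-stage login described in this thread (the first login of an auditor only parks the session, a second form requires an admin, the cancel button drops the session and starts over, and re-entering the auditor's own credentials at the second form, as reported in comment 15, is refused) as a small Python model. This is an added example, not piler's own code: the State/Policy/Session names, the user table, the passwords and the policies are constructed here. It goes slightly beyond the thread's single case by expressing the policy as a list of role slots, so the "admin needs a second admin" variant from comment 3 and 7 is the same code with a different Policy.

```python
"""Model of a two-stage ("four eyes") login, in the sense of this thread.

Added example, not piler's own code: the first successful login of a role that
requires four eyes parks the session in PENDING, which grants nothing; each
confirming login must be a *different* account holding an accepted role; any
failure or cancel drops the whole session back to LOGGED_OUT. The user table,
passwords and policies below are constructed sample data.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    LOGGED_OUT = "logged_out"
    PENDING = "pending"            # first login done, session is NOT authenticated
    AUTHENTICATED = "authenticated"


@dataclass(frozen=True)
class Policy:
    trigger_roles: frozenset       # roles whose login requires confirmation
    required: tuple = ()           # one accepted-role set per confirming login, in order
    distinct_users: bool = True    # the same account cannot fill two slots


# Policy matching FOUR_EYES_LOGIN_FOR_AUDITOR = 1 as described in the thread:
# an auditor login must be confirmed by one admin.
AUDITOR_NEEDS_ADMIN = Policy(frozenset({"auditor"}), (frozenset({"admin"}),))
# The "second feature" from the thread: an admin needs a second admin.
ADMIN_NEEDS_ADMIN = Policy(frozenset({"admin"}), (frozenset({"admin"}),))


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS: dict = {}   # constructed sample directory: name -> (role, salt, digest)


def add_user(name: str, role: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    USERS[name] = (role, salt, _digest(password, salt))


add_user("auditor1", "auditor", "audit-pass")
add_user("admin1", "admin", "admin-pass")
add_user("admin2", "admin", "admin-pass-2")
add_user("alice", "user", "alice-pass")


def verify(name: str, password: str):
    """Return the account's role on a correct password, else None."""
    rec = USERS.get(name)
    if rec is None:
        return None
    role, salt, stored = rec
    return role if hmac.compare_digest(stored, _digest(password, salt)) else None


@dataclass
class Session:
    policy: Policy = AUDITOR_NEEDS_ADMIN
    state: State = State.LOGGED_OUT
    users: list = field(default_factory=list)   # (name, role) of every login so far

    def reset(self) -> State:
        self.state, self.users = State.LOGGED_OUT, []
        return self.state

    cancel = reset   # the "cancel" button of the second form: back to the start

    def login(self, name: str, password: str) -> State:
        """Stage 1: a role outside trigger_roles (e.g. a regular user) is
        authenticated directly; a trigger role only reaches PENDING."""
        self.reset()
        role = verify(name, password)
        if role is None:
            return self.state
        self.users = [(name, role)]
        needs_confirm = role in self.policy.trigger_roles and self.policy.required
        self.state = State.PENDING if needs_confirm else State.AUTHENTICATED
        return self.state

    def confirm(self, name: str, password: str) -> State:
        """Stage 2..n: fill the next required slot. A wrong password, a role the
        slot does not accept, or a reused account aborts the whole login rather
        than leaving a half-trusted session behind."""
        if self.state is not State.PENDING:
            return self.state
        slot = self.policy.required[len(self.users) - 1]
        role = verify(name, password)
        reused = self.policy.distinct_users and any(name == u for u, _ in self.users)
        if role is None or role not in slot or reused:
            return self.reset()
        self.users.append((name, role))
        if len(self.users) - 1 == len(self.policy.required):
            self.state = State.AUTHENTICATED
        return self.state

    def is_authenticated(self) -> bool:
        return self.state is State.AUTHENTICATED


if __name__ == "__main__":
    s = Session()
    print(s.login("auditor1", "audit-pass"))           # State.PENDING
    print(s.confirm("auditor1", "audit-pass"))         # State.LOGGED_OUT: auditor creds again are refused
    s.login("auditor1", "audit-pass")
    print(s.confirm("admin1", "admin-pass"), s.users)  # State.AUTHENTICATED, both accounts recorded
```

    The point of keeping a separate PENDING state is that nothing in the application may treat the session as logged in until the last slot is filled; the session records every account that took part, so an audit log can name both people, and a failed or cancelled second step discards the first login instead of leaving it usable.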
