Guac’s great, but there’s no interface for changing the TOTP key once it’s set for a user.
I’m using docker-compose to build this, so your method might be different.
Connect to postgresql:
psql guacamole postgres
To make sure you’re in the right db, type
\dt and hit enter, it should show you a bunch of tables starting with
This is the query, copypasta should do it.
select entity.name, uid.user_id, uattr.attribute_value from guacamole_user as uid, guacamole_user_attribute as uattr, guacamole_entity as entity where uattr.attribute_name='guac-totp-key-secret' AND uid.entity_id=entity.entity_id AND uid.user_id=uattr.user_id;
And the result I get (I’ve only got one user)
name | user_id | attribute_value ---------+---------+---------------------------------- yaleman | 2 | <redacted>AAAABBBBCCCCDDDD333311
This is more a note for myself for the future than useful documentation… I’m pretty sure you could change the user’s token by updating the value in the
There’s a PR on the repository adding functionality to reset user tokens, this might be an option for the future.
Update 2021-09-26: A helpful user pointed out that my SQL query was wrong in some cases (was
AND uid=user_id=entity.entity_id, is now
AND uid.entity_id=entity.entity_id. Thanks!