You can now limit which users can create login tokens. #3787

2025-11-07 21:02:53 -05:00 · 2022-03-24 15:05:20 -07:00
parent 7d1d0853a0
commit 1356dae4f2
4 changed files with 15 additions and 3 deletions
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
@@ -455,7 +455,7 @@
              "skip2factor": { "type": "string", "description": "IP addresses where 2FA login is skipped, for example: 127.0.0.1,192.168.2.0/24" },
              "oldPasswordBan": { "type": "integer", "description": "Number of old passwords the server should remember and not allow the user to switch back to." },
              "banCommonPasswords": { "type": "boolean", "default": false, "description": "Uses WildLeek to block use of the 10000 most commonly used passwords." },
-              "loginTokens": { "type": "boolean", "default": true, "description": "Allows users to create alternative username/passwords for their account." },
+              "loginTokens": { "type": [ "boolean", "array" ], "default": true, "description": "Allows users to create alternative username/passwords for their account. Set to false to disallow all users, or set to a userid array to only all some users." },
              "twoFactorTimeout": { "type": "integer", "default": 300, "description": "Maximum about of time the to wait for a 2FA token on the login page in seconds." },
              "autofido2fa": { "type": "boolean", "default": false, "description": "If true and user account has FIDO key setup, 2FA login screen will automatically request FIDO 2FA." },
              "maxfidokeys": { "type": "integer", "default": null, "description": "Maximum number of FIDO/YubikeyOTP hardware 2FA keys that can be setup in a user account." },