google-authenticator prompts for new TOTP in apache2 web app

95 views

Skip to first unread message

thor...@gmail.com

unread,

May 24, 2018, 4:40:17 PM5/24/18

to google-authenticator-apache-module

I have the following configuration on my apache2 web server for MYAPP. Everything authenticates just fine, but I get prompted for a new ga code all the time. Far more often than the GoogleAuthCookieLife of one hour.

At the bottom is a redacted version of my of my ga auth files. I'm not sure if some of those numbers are forcing a new TOTP code like every 5-10 minutes.

Any help?

MYAPP.conf:

<VirtualHost *:443>
ServerAdmin xx...@xxxx.xxx
ServerName xxxx.xxx
DocumentRoot /var/www/MYAPP/app/webroot
<Directory /var/www/MYAPP/app/webroot>
Options FollowSymLinks Indexes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
AuthType Basic
AuthName "Google Authenticator MFA"
AuthBasicProvider "google_authenticator"
Require valid-user
GoogleAuthUserPath /path/to/ga_auth
GoogleAuthCookieLife 3600
GoogleAuthEntryWindow 2
</Directory>

SSLEngine On
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
SSLCertificateChainFile /path/to/chain.crt

LogLevel warn
ErrorLog /var/log/apache2/myserver.local_error.log
CustomLog /var/log/apache2/myserver.local_access.log combined
ServerSignature Off
</VirtualHost>

ga_auth file example:

**********************************
" RATE_LIMIT 3 30 1526568690
" DISALLOW_REUSE 50885623
" TOTP_AUTH
********
********
********
********
********

Reply all

Reply to author

Forward

0 new messages