Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
f0fa01f6
Commit
f0fa01f6
authored
Apr 03, 2019
by
GitLab Bot
Browse files
Options
Browse Files
Download
Plain Diff
Automatic merge of gitlab-org/gitlab-ce master
parents
d98ff002
e2e8c9ee
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
6 additions
and
7 deletions
+6
-7
doc/user/profile/account/two_factor_authentication.md
doc/user/profile/account/two_factor_authentication.md
+6
-7
No files found.
doc/user/profile/account/two_factor_authentication.md
View file @
f0fa01f6
...
...
@@ -162,8 +162,7 @@ a new set of recovery codes with SSH.
1.
Run
`ssh git@gitlab.example.com 2fa_recovery_codes`
.
1.
You are prompted to confirm that you want to generate new codes. Continuing this process invalidates previously saved codes.
```
bash
```sh
$ ssh git@gitlab.example.com 2fa_recovery_codes
Are you sure you want to generate new two-factor recovery codes?
Any existing recovery codes you saved will be invalidated. (yes/no)
...
...
@@ -208,17 +207,17 @@ Sign in and re-enable two-factor authentication as soon as possible.
-
You need to take special care to that 2FA keeps working after
[
restoring a GitLab backup
](
../../../raketasks/backup_restore.md
)
.
-
To ensure 2FA authorizes correctly with TOTP server, you may want to ensure
your GitLab server's time is synchronized via a service like NTP.
Otherwise,
your GitLab server's time is synchronized via a service like NTP. Otherwise,
you may have cases where authorization always fails because of time differences.
-
The GitLab U2F implementation does _not_ work when the GitLab instance is accessed from
multiple hostnames, or FQDNs. Each U2F registration is linked to the _current hostname_ at
the time of registration, and cannot be used for other hostnames/FQDNs.
For example, if a user is trying to access a GitLab instance from `first.host.xyz` and `second.host.xyz`:
For example, if a user is trying to access a GitLab instance from
`first.host.xyz`
and
`second.host.xyz`
:
- The user logs in via `first.host.xyz` and registers their U2F key.
- The user logs out and attempts to log in via `first.host.xyz` - U2F authentication succeeds.
- The user logs out and attempts to log in via `second.host.xyz` - U2F authentication fails, because
-
The user logs in via
`first.host.xyz`
and registers their U2F key.
-
The user logs out and attempts to log in via
`first.host.xyz`
- U2F authentication succeeds.
-
The user logs out and attempts to log in via
`second.host.xyz`
- U2F authentication fails, because
the U2F key has only been registered on
`first.host.xyz`
.
[
Google Authenticator
]:
https://support.google.com/accounts/answer/1066447?hl=en
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
