Auto-enable 2FA policy when adding OTP to a user

[DunklerPhoenix]

Heho.
If I add an OTC the SSH login ask only for the OTC and not the password. Is this behavior intentional?

WG: 0.6.3 Docker

[Eugeny]

Yes, this is expected. By default any single credential suffices, and you need to explicitly select the required credentials in the "Auth policy" section like this:

But automatically enabling this when adding a password + OTP makes sense so I'll keep this ticket open as an enhancement

[DunklerPhoenix]

I tried this auth policy, but it still asks only for 2fa without password. Does warpgate take some time to enable saved settings?

[Eugeny]

No, they're applied immediately. Could you please post the full output of an ssh login with ssh -v (verbose output)?

[DunklerPhoenix]

One-time password: 867637
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to .
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
 Warpgate  Selected target: alphabit02
 Warpgate  Host key (ssh-ed25519): 

 ✓ Warpgate connected
Linux Debian-105-buster-64-minimal 5.10.0-17-amd64 #1 SMP Debian 5.10.136-1 (2022-08-13) x86_64

[DunklerPhoenix]

Ahhh! The settings are sometimes not saved. There is no confirmation after pressing "update". I need to force reload the page (with clearing cache) to see the actual active settings. So even if my screenshot from above shows OTP+Password, it was still set to any. xD