Two-factor Authentication (2FA) with One-Time-Password (OTP)

2FA with One-Time-Password (OTP) Guide

We have introduced Two-Factor Authentication (2FA) using One-Time-Password (OTP) to enhance the security environment. Please follow the GSDC OTP guide (written in both Korean and English) through the link below to enable it on your TEM account. Note that you must already be logged in when you follow the guide.

We strongly recommend that you do so as soon as possible, because once all TEM user accounts are OTP enabled, we plan to suspend the policy requiring source IPs.

2FA Tips and Tricks

How can I resolve the IPA command error?

This error occurs when the credentials issued by your authentication system, which are valid for one day, expire or become invalid. Here are the steps to resolve this issue:

Open your terminal and execute the following command to obtain new credentials.

$> kinit
Password for XXXXXX@SDFARM.KR: (Enter your password)

Enter your password and press Enter to generate new credentials. Now, re-run the “ipa otptoken-add” command. It should execute without errors, using the newly generated credentials.

How can I resolve “Unable to display QR code” error?

When connecting to the GSDC login server via a lab workstation/desktop using the GNOME Terminal in a Linux system (e.g., Ubuntu), executing the “ipa otptoken-add” command results in the message “ipa: WARNING: Unable to display QR code using the configured output encoding. Please use the token URI to configure your OTP device”.

To resolve this issue, you can force the use of a locale supported by the internal Python QR code package within the ipa tool. Use the following command:

$> LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 ipa otptoken-add --algo=sha512
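
The two fixes above combined into one wrapper, as an added example that is not part of the GSDC guide: it checks the Kerberos ticket with `klist -s`, runs `kinit` only when the ticket is missing or expired, and then runs the `ipa otptoken-add` command with the locale override. The script name `otp-enroll.sh` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the GSDC guide): renew the Kerberos ticket only
# when needed, then add the OTP token with a UTF-8 locale forced.

# True when the credential cache holds an unexpired ticket.
# `klist -s` prints nothing and reports the result through its exit status.
ticket_valid() {
    klist -s 2>/dev/null
}

# Obtain a fresh ticket if the current one is missing or expired.
ensure_ticket() {
    if ticket_valid; then
        return 0
    fi
    echo "No valid Kerberos ticket; running kinit." >&2
    kinit || return 1
    # Confirm that kinit really produced a usable ticket.
    ticket_valid
}

# Run the otptoken-add command from this page with the locale override,
# so the QR code can be drawn in the terminal.
add_otp_token() {
    LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 ipa otptoken-add --algo=sha512
}

# Full procedure: stop before touching ipa if no ticket could be obtained.
enroll_otp_token() {
    ensure_ticket || { echo "kinit failed; token not added." >&2; return 1; }
    add_otp_token
}

# Run only when asked, e.g.:  sh otp-enroll.sh enroll
if [ "${1:-}" = "enroll" ]; then
    enroll_otp_token
fi
```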

Releasing screen lock

When the screen lock is activated while using OTP, it prompts for a password with a message like:

Screen used by [UserName] <[UserID]> on [loginNodeName].
Password:

What password should I use to unlock it? To unlock the screen in this scenario, you should enter both the First Factor (usually your regular password) and the Second Factor (the OTP generated by your OTP token). Entering these two factors consecutively (password + OTP) will allow you to unlock the screen and continue using your session.