Creating a new multi-factor authentication TOTP token

• A running IBM Storage Ceph cluster.

• Ceph Object Gateway is installed.

• You have root access on a Ceph Monitor node.

• A secret seed for the one-time password generator and Ceph Object Gateway MFA was generated.

• Create a new MFA TOTP token:

  Syntax

  radosgw-admin mfa create --uid=USERID --totp-serial=SERIAL --totp-seed=SEED --totp-seed-type=SEED_TYPE --totp-seconds=TOTP_SECONDS --totp-window=TOTP_WINDOW

  Set USERID to the user name to set up MFA on, set SERIAL to a string that represents the ID for the TOTP token, and set SEED to a hexadecimal or base32 value that is used to calculate the TOTP. The following settings are optional: Set the SEED_TYPE to hex or base32, set TOTP_SECONDS to the timeout in seconds, or set TOTP_WINDOW to the number of TOTP tokens to check before and after the current token when validating tokens.

  Example

  [root@host01 ~]# radosgw-admin mfa create --uid=johndoe --totp-serial=MFAtest --totp-seed=492dedb20cf51d1405ef6a1316017e

For more information, see the following:

• Creating a seed for multi-factor authentication
• Resynchronizing a multi-factor authentication TOTP token