RobertRo

Hello, i am in the process of writing PasswordState support for mRemote (https://github.com/mRemoteNG/mRemoteNG/pull/2591) Authentication to the PasswordState API via APIKey and Winauth works fine. Turning on MFA requirement works fine as well - but only once. As the MFA code rotates every few minutes, the user would have to constantly update the new MFA code before doing subsequent API calls. This is inconvenient / not usable. a "simple" solution would be to add an additional authentication option: let's call it "token". - the user does one initial API call to an "authentication" endpoint, providing API token and MFA or WinAuth and MFA as usual. - the server responds with an auth token, valid for 4 hours (customizable) - the user can now do subsequent API calls with the auth token. could this functionality be added to the API? (or is it already there and i am not seeing it?) thanks Robert

Hello, unter administration / active directory domains i have added a domain and specified netbios and FQDN as required. when fetching active directory accounts via the API only the netbios domain name is available though: could you add a field "DomainFQDN" and return the fqdn as well? thanks RR

sorry for my late reply. just wanted to check back that your solution from the documentation works perfectly fine. customer is happy (and me too many thanks, great product!

Hello, i'm implementing Passwordstate in a customer environment which is hardened. specifically, the security setting: Local Policies\Security Options\Network security: Restrict NTLM: Incoming NTLM traffic is set to "Deny All Accounts" on all servers. This breaks the Remote Session Launcher: "The authentication Username or Password appears to be incorrect, or the Host is not available. This window will now close when you click the "OK" button, and you will need to correct your login credentials." Switching this setting to "Allow All" immediately makes the launcher work, but this is not desired in this environment. Any chance the gateway can be told to talk kerberos correctly?