Fully automatic QR-code generator for 2-Factor Authentication in Horizon View

This post was originally published on this site

We are using the 2-Factor Authentication from Google in Horizon View all for our external Horizon users. Therefore we have setup a CentOS VM with the Google Authenticator package installed. The Guide for this can be found here: https://blogs.vmware.com/consulting/files/2015/02/VMW_15Q1_TD_Horizon-View-Google-Authenticator_021715_FINAL_EMonjoin.pdf


Because Sysadmins are a bit lazy and we also do not want to generate every QR-code by hand for all our Users, we have come up with this fully automated Linux script.

A cronjob runs this script every 5 minutes. If a new user and HomeDir is created, the script automaticly creates the QR-code for this user and places a textfile with the URL for the QR-code in the Users Homedir. It works like a charm and saves us a lot of time.


  Feel free to use this script in your own environment, but please leave the header info as it is




# This script is created by John at RTV-Noord. You may use and distribute
# it as long as you keep this header as it is. 
# There are some prerequisites to make this script work:
# - machine you run it from is a Active Directory Domain member
# - the share with AD homedirs is mounted on /mnt/home
# - the google-authenticator package is installed
# - replace domainname.com with your AD domainname

ls /mnt/home > all_users
MAKEQR=$(comm -3 all_users users_with_qr | wc -l)

if [ $MAKEQR -gt 0 ]; then
    echo "Found users without QR."
    comm -3 all_users users_with_qr > users_without_qr
    for user in $(cat users_without_qr); do
        echo "    $(date) make qr for $user..."
        su -l "$user@domainname.com" -c "google-authenticator -tdf -r 3 -R 30 -w 17 -Q UTF8 | grep http > google-authenticator.txt"
        mv /home/$user@domainname.com/google-authenticator.txt /mnt/home/$user/
    cat all_users > users_with_qr
    rm users_without_qr
    echo "$MAKEQR QR-code has been created"

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.