Resynchronizing a multi-factor authentication TOTP token
Resynchronize a multi-factor authentication (MFA) time-based one-time password (TOTP) token.
Prerequisites
- A running IBM Storage Ceph cluster.
- Ceph Object Gateway is installed.
- You have root access on a Ceph Monitor node.
- An MFA TOTP token was created using radosgw-admin mfa create.
Procedure
- Resynchronize a multi-factor authentication TOTP token in case of time skew or failed checks.
This requires passing in two consecutive PINs: the previous PIN and the current PIN.
Syntax
radosgw-admin mfa resync --uid=USERID --totp-serial=SERIAL --totp-pin=PREVIOUS_PIN --totp-pin=CURRENT_PIN
Set USERID to the user name MFA is set up on, set SERIAL to the string that represents the ID for the TOTP token, set PREVIOUS_PIN to the user's previous PIN, and set CURRENT_PIN to the user's current PIN.
Example
[root@host01 ~]# radosgw-admin mfa resync --uid=johndoe --totp-serial=MFAtest --totp-pin=802021 --totp-pin=439996
- Verify the token was successfully resynchronized by testing a new PIN:
Syntax
radosgw-admin mfa check --uid=USERID --totp-serial=SERIAL --totp-pin=PIN
Set USERID to the user name MFA is set up on, set SERIAL to the string that represents the ID for the TOTP token, and set PIN to the user's PIN.
Example
[root@host01 ~]# radosgw-admin mfa check --uid=johndoe --totp-serial=MFAtest --totp-pin=870305
ok
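The following is an added example, not taken from this documentation or from Ceph's code. It shows the general RFC 6238 technique behind a two-PIN resynchronization and the follow-up check: the verifier searches a wide range of time steps for the one place where the previous and current PINs match back to back, then verifies later PINs against the corrected clock. The 30-second step, 6-digit PINs, HMAC-SHA1, the search range, and all function names are assumptions; the seed and PINs are RFC 6238 test values used as constructed sample input.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumed time step; match your token's settings
DIGITS = 6         # assumed PIN length


def totp_at_step(seed: bytes, step: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for one time-step counter value."""
    digest = hmac.new(seed, struct.pack(">Q", step), hashlib.sha1).digest()
    pos = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def find_resync_offset(seed, server_time, previous_pin, current_pin, max_skew_steps=20):
    """Return the device-minus-server step offset at which the two PINs match
    back to back, or None. Demanding a consecutive pair keeps the widened
    search from accepting a single chance match."""
    server_step = server_time // STEP_SECONDS
    # Try the smallest drift first: 0, -1, +1, -2, +2, ...
    for offset in sorted(range(-max_skew_steps, max_skew_steps + 1), key=abs):
        step = server_step + offset
        prev_ok = hmac.compare_digest(totp_at_step(seed, step - 1), previous_pin)
        cur_ok = hmac.compare_digest(totp_at_step(seed, step), current_pin)
        if prev_ok and cur_ok:
            return offset
    return None


def check_pin(seed, server_time, pin, offset=0, window=1):
    """Normal verification: accept only PINs within `window` steps of the
    server's (offset-corrected) current step."""
    step = server_time // STEP_SECONDS + offset
    return any(hmac.compare_digest(totp_at_step(seed, step + w), pin)
               for w in range(-window, window + 1))


# Constructed sample: RFC 6238 test seed, token clock 240 s ahead of the server.
SEED = b"12345678901234567890"
SERVER_TIME = 1111110871
PREVIOUS_PIN, CURRENT_PIN = "081804", "050471"  # RFC 6238 values at T=1111111109 / 1111111111

if __name__ == "__main__":
    print("before resync:", check_pin(SEED, SERVER_TIME, CURRENT_PIN))
    drift = find_resync_offset(SEED, SERVER_TIME, PREVIOUS_PIN, CURRENT_PIN)
    print("drift in steps:", drift)
    print("after resync:", check_pin(SEED, SERVER_TIME, CURRENT_PIN, offset=drift))
```

Swapping the two PINs makes the search fail, which is why the order previous-then-current matters on the command line.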
Reference
For more information, see Creating a seed for multi-factor authentication.