Nextcloud version (eg, 10.0.2): 12.0.3
Operating system and version (eg, Ubuntu 16.04): Debian 9.1
Apache or nginx version (eg, Apache 2.4.25): Nginx 1.13.6
PHP version (eg, 5.6): 7.1.10
We’re using the basic encryption module and the LDAP user backend. According to my understanding, in the event of a password change via LDAP, the user needs to have password recovery enabled to be able to retain access to their files. However, this is set to disabled by default, making it easy for a new user to leave themselves in a dangerous state.
Is there any way to set password recovery to enabled by default for new users? Or a way for the admin to force it enabled for all?
No, thats not possible. It also destroys the idea of the password encryption. In the case of a password change the user does not need the recovery key (which helps the admin to access his files) but he needs to remember his old password in addition to the new one.
That plus adding a user to a group after the fact is why I recommend master key encryption or end point encryption to my clients.
@Escubaer, I’m a bit confused if you could help me out.
With the LDAP backend, do users even need to go in to their personal settings and enable password recovery under the the Basic Encryption Module? It appears that your comment does not recommend it and instead advises that the users simply need to remember the old password in addition to the new one. If I recall, the user goes to their personal page and then enters their old password along with a new one.
If the users don’t remember their old password, which one doesn’t in our case now, then it appears we can’t recover the files. This is fine. The problem is that even new files uploaded aren’t allowed to be downloaded since Nextcloud seems to want to use the old password key. Is the fix for this simply deleting everything out of their files folder and then attempting to upload something new?
Puh, tough one. I don’t recommend the recovery key usage, because it is against the purpose of E2EE in the first place. Only usage of a HSM with MFA would fix that, with some complex rules in a large Enterprise.
So if the password is forgotten it is not possible to decrypt and reencrypt. Therefor I think the only option is to delete the user and then generate it newly. Deleting the files alone will not be sufficient as the keys and the salt are still there.
@Escubaer, thanks for the reply. I had suspected as much when I thought about it a bit more. I’m sure Nextcloud is going by the GUID and would need a new one to start from scratch.