Implementing TOTP-based authentication

[sivaalamp]

1. Vertica now supports TOTP-based authentication as part of its multi-factor authentication (MFA) framework.

2. The following sequence of SQL commands is used to create an MFA-enabled user in Vertica:

          CREATE USER sivaot IDENTIFIED BY 'vertica';
          GRANT ALL PRIVILEGES ON DATABASE vsql sivaot;
          GRANT ALL ON SCHEMA public TO sivaot;
          CREATE AUTHENTICATION pw_local_mfa METHOD 'password' LOCAL ENFORCEMFA;
          CREATE AUTHENTICATION pw_ipv4_mfa METHOD 'password' HOST '0.0.0.0/0' ENFORCEMFA;
          CREATE AUTHENTICATION pw_ipv6_mfa METHOD 'password' HOST '::/0' ENFORCEMFA;
          GRANT AUTHENTICATION pw_local_mfa TO sivaot;
          GRANT AUTHENTICATION pw_ipv4_mfa TO sivaot;
          GRANT AUTHENTICATION pw_ipv6_mfa TO sivaot;
   

3. After user creation, the generated secret key must be added to a TOTP application (e.g., Microsoft Authenticator).

4. The TOTP app then generates a time-based one-time passcode (OTP) every 30 seconds, which the user must provide during login for verification.

5. Corresponding Go unit tests have been added to validate the TOTP-based authentication flow.

6. Currently, all TOTP-related test cases in TestTOTPConnection have been commented out because the latest Vertica Kubernetes image does not yet include the server-side TOTP implementation.

7. All tests, including the TOTP-related ones, have been verified locally and are passing successfully (screenshot attached). The tests are commented out temporarily to ensure CI/CD pipeline stability.

8. Once a Vertica Kubernetes image with TOTP support becomes available, the TOTP test cases will be uncommented and included in the regular test suite.

[CLAassistant]

All committers have signed the CLA.

[vipulkotfi]

Changes Looks good