# Using OpenStack CLI With MFA

## Problem

* OpenStack CLI fails with the following after enabling multi-factor authentication (MFA) for a local user.

{% tabs %}
{% tab title="Bash" %}

```bash
$ openstack server list
Not all required auth rules were satisfied: [['totp', 'password']]
```

{% endtab %}
{% endtabs %}

* OpenStack CLI needs to work for local users with MFA enabled.

## Environment

* Platform9 Managed OpenStack - All Versions
* Keystone
* OpenStack CLI

## Procedure

1. Create the following OpenRC file – substituting the variables with your user information (i.e. enter your username and password, along with the applicable region and project).

{% tabs %}
{% tab title="Bash" %}

```bash
export OS_AUTH_URL=https://<DU>/keystone/v3
export OS_REGION_NAME="<REGION>"
export OS_PROJECT_NAME="<PROJECT>"
export OS_PROJECT_DOMAIN_NAME="default"
export OS_USERNAME="<USER>"
export OS_PASSWORD="<PASSWORD>"
read -p "Please enter MFA Token: " OS_TOTP_PASSCODE
export OS_TOTP_PASSCODE=$OS_TOTP_PASSCODE
export OS_TOKEN=$(curl -s -i -H "Content-Type: application/json" -d '{"auth":{"identity":{"methods":["password","totp"],"password":{"user":{"name":"'"$OS_USERNAME"'","domain":{"id":"default"},"password":"'"$OS_PASSWORD"'"}},"totp":{"user":{"name":"'"$OS_USERNAME"'","domain":{"id":"default"},"passcode":"'"$OS_TOTP_PASSCODE"'"}}},"scope":{"project":{"name":"'"$OS_PROJECT_NAME"'","domain":{"id":"default"}}}}}' -X POST $OS_AUTH_URL/auth/tokens | awk '/X-Subject-Token:/{printf $2}' | tr -dc '[:print:]')
export OS_AUTH_TYPE="v3token"
```

{% endtab %}
{% endtabs %}

2. Source the OpenRC file, and use the OpenStack CLI as you would normally.

{% tabs %}
{% tab title="Bash" %}

```bash
source openrc
```

{% endtab %}
{% endtabs %}

## Additional Information

* [OpenStack Docs - Multi-Factor Authentication](https://docs.openstack.org/keystone/latest/user/multi-factor-authentication.html)