I’ve enabled Kubernetes auth method to be used by my web service, and instead of only revoking the root token that can be regenerated by unseal keys holders, I want to enable MFA against the root token auth method only, is this possible to be enforced? since it doesn’t seem to be working with me.
Root tokens are not created by any normal auth method login process - only by a quorum of unseal keys, or by direct token creation operations by other root tokens.
Also Vault has three different MFA systems.
You’ll need to clarify your question, to enable people to help.