* [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs
@ 2021-11-29 17:29 Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa Stoiko Ivanov
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2021-11-29 17:29 UTC (permalink / raw)
To: pmg-devel
the first patchadds a short note regarding cluster creation not being
possible if the root user has tfa enabled, to both the user and cluster
docs
the second patch removes a few PVE specifics not applicable to PMG from the
tfa docs
Stoiko Ivanov (2):
tfa: add notes regarding cluster creation and tfa
tfa: cleanup PVE specifics
pmgcm.adoc | 4 ++++
pmgconfig.adoc | 12 +++++++-----
2 files changed, 11 insertions(+), 5 deletions(-)
--
2.30.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa
2021-11-29 17:29 [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs Stoiko Ivanov
@ 2021-11-29 17:30 ` Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 2/2] tfa: cleanup PVE specifics Stoiko Ivanov
2021-12-01 10:22 ` [pmg-devel] applied-series: [PATCH pmg-docs 0/2] minor cleanup of tfa docs Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2021-11-29 17:30 UTC (permalink / raw)
To: pmg-devel
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
pmgcm.adoc | 4 ++++
pmgconfig.adoc | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/pmgcm.adoc b/pmgcm.adoc
index 2e93d3a..9a7aa7f 100644
--- a/pmgcm.adoc
+++ b/pmgcm.adoc
@@ -261,6 +261,10 @@ a password. When joining a cluster using the GUI, you also need to
enter the 'fingerprint' of the master node. You can get this information
by pressing the `Add` button on the master node.
+NOTE: Joining a cluster, with enabled two-factor authentication for the
+`root` user is not supported - remove the second factor while joining the
+cluster.
+
CAUTION: Node initialization deletes all existing databases, stops all
services accessing the database and then restarts them. Therefore, do
not add nodes which are already active and receive mail.
diff --git a/pmgconfig.adoc b/pmgconfig.adoc
index eaf0cc0..68ebae5 100644
--- a/pmgconfig.adoc
+++ b/pmgconfig.adoc
@@ -964,6 +964,10 @@ Two-Factor Authentication
Users of the admin interface can configure two-factor authentication to
increase protection of their accounts.
+NOTE: Joining a cluster, with enabled two-factor authentication for the
+`root` user is not supported - remove the second factor while joining the
+cluster.
+
Available Second Factors
~~~~~~~~~~~~~~~~~~~~~~~~
--
2.30.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pmg-devel] [PATCH pmg-docs 2/2] tfa: cleanup PVE specifics
2021-11-29 17:29 [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa Stoiko Ivanov
@ 2021-11-29 17:30 ` Stoiko Ivanov
2021-12-01 10:22 ` [pmg-devel] applied-series: [PATCH pmg-docs 0/2] minor cleanup of tfa docs Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2021-11-29 17:30 UTC (permalink / raw)
To: pmg-devel
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
pmgconfig.adoc | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/pmgconfig.adoc b/pmgconfig.adoc
index 68ebae5..79c6415 100644
--- a/pmgconfig.adoc
+++ b/pmgconfig.adoc
@@ -975,8 +975,7 @@ You can set up multiple second factors, in order to avoid a situation in which
losing your smartphone or security key locks you out of your account
permanently.
-The following two-factor authentication methods are available in addition to
-realm-enforced TOTP and YubiKey OTP:
+The following two-factor authentication methods are available:
* User configured TOTP
(https://en.wikipedia.org/wiki/Time-based_One-Time_Password[Time-based One-Time Password]).
@@ -996,8 +995,7 @@ Configuration of Two-Factor
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Users can choose to enable 'TOTP' or 'WebAuthn' as a second factor on login,
-via the 'TFA' button in the user list (unless the realm enforces 'YubiKey
-OTP').
+via the 'TFA' button in the user list.
Users can always add and use one time 'Recovery Keys'.
@@ -1032,7 +1030,7 @@ field and pressing the 'Apply' button.
For WebAuthn to work, you need to have two things:
* A trusted HTTPS certificate (for example, by using
- https://pve.proxmox.com/wiki/Certificate_Management[Let's Encrypt]).
+ xref:sysadmin_certs_get_trusted_acme_cert[Let's Encrypt]).
While it probably works with an untrusted certificate, some browsers may
warn or refuse WebAuthn operations if it is not trusted.
* Setup the WebAuthn configuration (see *User Management -> Two Factor ->
--
2.30.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pmg-devel] applied-series: [PATCH pmg-docs 0/2] minor cleanup of tfa docs
2021-11-29 17:29 [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 2/2] tfa: cleanup PVE specifics Stoiko Ivanov
@ 2021-12-01 10:22 ` Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2021-12-01 10:22 UTC (permalink / raw)
To: Stoiko Ivanov, pmg-devel
On 29.11.21 18:29, Stoiko Ivanov wrote:
> the first patchadds a short note regarding cluster creation not being
> possible if the root user has tfa enabled, to both the user and cluster
> docs
>
> the second patch removes a few PVE specifics not applicable to PMG from the
> tfa docs
>
> Stoiko Ivanov (2):
> tfa: add notes regarding cluster creation and tfa
> tfa: cleanup PVE specifics
>
> pmgcm.adoc | 4 ++++
> pmgconfig.adoc | 12 +++++++-----
> 2 files changed, 11 insertions(+), 5 deletions(-)
>
applied, thanks! I reworded the note slightly to (hopefully) slightly less complex
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-12-01 10:22 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-29 17:29 [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 2/2] tfa: cleanup PVE specifics Stoiko Ivanov
2021-12-01 10:22 ` [pmg-devel] applied-series: [PATCH pmg-docs 0/2] minor cleanup of tfa docs Thomas Lamprecht
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal