[pbs-devel] [PATCH proxmox-backup v4 16/16] docs: user-management: document `pam` and `pbs` authentication realm

From: Christoph Heiss <c.heiss@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup v4 16/16] docs: user-management: document `pam` and `pbs` authentication realm
Date: Fri, 23 Aug 2024 13:07:36 +0200	[thread overview]
Message-ID: <20240823110737.831304-17-c.heiss@proxmox.com> (raw)
In-Reply-To: <20240823110737.831304-1-c.heiss@proxmox.com>

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Changes v3 -> v4:
  * new patch

 docs/user-management.rst | 30 ++++++++++++++++++++++++++++--
 www/OnlineHelpInfo.js    |  8 ++++++++
 www/Utils.js             |  1 +
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/docs/user-management.rst b/docs/user-management.rst
index c670cbf6..17ef6f75 100644
--- a/docs/user-management.rst
+++ b/docs/user-management.rst
@@ -16,8 +16,8 @@ User Configuration
 choose the realm when you add a new user. Possible realms are:
 
 :pam: Linux PAM standard authentication. Use this if you want to
-      authenticate as a Linux system user (users need to exist on the
-      system).
+      authenticate as a Linux system user. The users needs to already exist on
+      the host system.
 
 :pbs: Proxmox Backup Server realm. This type stores hashed passwords in
       ``/etc/proxmox-backup/shadow.json``.
@@ -599,6 +599,32 @@ list view in the web UI, or using the command line:
 Authentication Realms
 ---------------------
 
+.. _user_realms_pam:
+
+Linux PAM
+~~~~~~~~~
+
+Linux PAM is a framework for system-wide user authentication. These users are
+created on the host system with commands such as ``adduser``.
+
+If PAM users exist on the host system, corresponding entries can be added to
+Proxmox Backup Server, to allow these users to log in via their system username
+and password.
+
+.. _user_realms_pbs:
+
+Proxmox Backup authentication server
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This is a Unix-like password store, which stores hashed passwords in
+``/etc/proxmox-backup/shadow.json``. Passwords are hashed using the SHA-256
+hashing algorithm.
+
+This is the most convenient realm for small-scale (or even mid-scale)
+installations, where users do not need access to anything outside of Proxmox
+Backup Server. In this case, users are fully managed by Proxmox Backup Server
+and are able to change their own passwords via the GUI.
+
 .. _user_realms_ldap:
 
 LDAP
diff --git a/www/OnlineHelpInfo.js b/www/OnlineHelpInfo.js
index 556e87e7..81613f62 100644
--- a/www/OnlineHelpInfo.js
+++ b/www/OnlineHelpInfo.js
@@ -431,6 +431,14 @@ const proxmoxOnlineHelpInfo = {
     "link": "/docs/user-management.html#user-tfa-lockout",
     "title": "Limits and Lockout of Two-Factor Authentication"
   },
+  "user-realms-pam": {
+    "link": "/docs/user-management.html#user-realms-pam",
+    "title": "Linux PAM"
+  },
+  "user-realms-pbs": {
+    "link": "/docs/user-management.html#user-realms-pbs",
+    "title": "Proxmox Backup authentication server"
+  },
   "user-realms-ldap": {
     "link": "/docs/user-management.html#user-realms-ldap",
     "title": "LDAP"
diff --git a/www/Utils.js b/www/Utils.js
index 15724958..15503fe1 100644
--- a/www/Utils.js
+++ b/www/Utils.js
@@ -456,6 +456,7 @@ Ext.define('PBS.Utils', {
 	    pbs: {
 		name: 'Proxmox Backup authentication server',
 		ipanel: 'pmxAuthSimplePanel',
+		onlineHelp: 'user-realms-pam',
 		add: false,
 		edit: true,
 		pwchange: true,
-- 
2.45.2



_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel

