From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pbs-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 99A641FF178
	for <inbox@lore.proxmox.com>; Fri, 23 Aug 2024 13:08:05 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 2A4D7E39E;
	Fri, 23 Aug 2024 13:08:27 +0200 (CEST)
From: Christoph Heiss <c.heiss@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Fri, 23 Aug 2024 13:07:36 +0200
Message-ID: <20240823110737.831304-17-c.heiss@proxmox.com>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240823110737.831304-1-c.heiss@proxmox.com>
References: <20240823110737.831304-1-c.heiss@proxmox.com>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.034 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
Subject: [pbs-devel] [PATCH proxmox-backup v4 16/16] docs: user-management:
 document `pam` and `pbs` authentication realm
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Backup Server development discussion
 <pbs-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pbs-devel-bounces@lists.proxmox.com
Sender: "pbs-devel" <pbs-devel-bounces@lists.proxmox.com>

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Changes v3 -> v4:
  * new patch

 docs/user-management.rst | 30 ++++++++++++++++++++++++++++--
 www/OnlineHelpInfo.js    |  8 ++++++++
 www/Utils.js             |  1 +
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/docs/user-management.rst b/docs/user-management.rst
index c670cbf6..17ef6f75 100644
--- a/docs/user-management.rst
+++ b/docs/user-management.rst
@@ -16,8 +16,8 @@ User Configuration
 choose the realm when you add a new user. Possible realms are:
 
 :pam: Linux PAM standard authentication. Use this if you want to
-      authenticate as a Linux system user (users need to exist on the
-      system).
+      authenticate as a Linux system user. The users needs to already exist on
+      the host system.
 
 :pbs: Proxmox Backup Server realm. This type stores hashed passwords in
       ``/etc/proxmox-backup/shadow.json``.
@@ -599,6 +599,32 @@ list view in the web UI, or using the command line:
 Authentication Realms
 ---------------------
 
+.. _user_realms_pam:
+
+Linux PAM
+~~~~~~~~~
+
+Linux PAM is a framework for system-wide user authentication. These users are
+created on the host system with commands such as ``adduser``.
+
+If PAM users exist on the host system, corresponding entries can be added to
+Proxmox Backup Server, to allow these users to log in via their system username
+and password.
+
+.. _user_realms_pbs:
+
+Proxmox Backup authentication server
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This is a Unix-like password store, which stores hashed passwords in
+``/etc/proxmox-backup/shadow.json``. Passwords are hashed using the SHA-256
+hashing algorithm.
+
+This is the most convenient realm for small-scale (or even mid-scale)
+installations, where users do not need access to anything outside of Proxmox
+Backup Server. In this case, users are fully managed by Proxmox Backup Server
+and are able to change their own passwords via the GUI.
+
 .. _user_realms_ldap:
 
 LDAP
diff --git a/www/OnlineHelpInfo.js b/www/OnlineHelpInfo.js
index 556e87e7..81613f62 100644
--- a/www/OnlineHelpInfo.js
+++ b/www/OnlineHelpInfo.js
@@ -431,6 +431,14 @@ const proxmoxOnlineHelpInfo = {
     "link": "/docs/user-management.html#user-tfa-lockout",
     "title": "Limits and Lockout of Two-Factor Authentication"
   },
+  "user-realms-pam": {
+    "link": "/docs/user-management.html#user-realms-pam",
+    "title": "Linux PAM"
+  },
+  "user-realms-pbs": {
+    "link": "/docs/user-management.html#user-realms-pbs",
+    "title": "Proxmox Backup authentication server"
+  },
   "user-realms-ldap": {
     "link": "/docs/user-management.html#user-realms-ldap",
     "title": "LDAP"
diff --git a/www/Utils.js b/www/Utils.js
index 15724958..15503fe1 100644
--- a/www/Utils.js
+++ b/www/Utils.js
@@ -456,6 +456,7 @@ Ext.define('PBS.Utils', {
 	    pbs: {
 		name: 'Proxmox Backup authentication server',
 		ipanel: 'pmxAuthSimplePanel',
+		onlineHelp: 'user-realms-pam',
 		add: false,
 		edit: true,
 		pwchange: true,
-- 
2.45.2



_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel