From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 99A641FF178 for ; Fri, 23 Aug 2024 13:08:05 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 2A4D7E39E; Fri, 23 Aug 2024 13:08:27 +0200 (CEST) From: Christoph Heiss To: pbs-devel@lists.proxmox.com Date: Fri, 23 Aug 2024 13:07:36 +0200 Message-ID: <20240823110737.831304-17-c.heiss@proxmox.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823110737.831304-1-c.heiss@proxmox.com> References: <20240823110737.831304-1-c.heiss@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.034 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pbs-devel] [PATCH proxmox-backup v4 16/16] docs: user-management: document `pam` and `pbs` authentication realm X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" Signed-off-by: Christoph Heiss --- Changes v3 -> v4: * new patch docs/user-management.rst | 30 ++++++++++++++++++++++++++++-- www/OnlineHelpInfo.js | 8 ++++++++ www/Utils.js | 1 + 3 files changed, 37 insertions(+), 2 deletions(-) diff --git a/docs/user-management.rst b/docs/user-management.rst index c670cbf6..17ef6f75 100644 --- a/docs/user-management.rst +++ b/docs/user-management.rst @@ -16,8 +16,8 @@ User Configuration choose the realm when you add a new user. Possible realms are: :pam: Linux PAM standard authentication. Use this if you want to - authenticate as a Linux system user (users need to exist on the - system). + authenticate as a Linux system user. The users needs to already exist on + the host system. :pbs: Proxmox Backup Server realm. This type stores hashed passwords in ``/etc/proxmox-backup/shadow.json``. @@ -599,6 +599,32 @@ list view in the web UI, or using the command line: Authentication Realms --------------------- +.. _user_realms_pam: + +Linux PAM +~~~~~~~~~ + +Linux PAM is a framework for system-wide user authentication. These users are +created on the host system with commands such as ``adduser``. + +If PAM users exist on the host system, corresponding entries can be added to +Proxmox Backup Server, to allow these users to log in via their system username +and password. + +.. _user_realms_pbs: + +Proxmox Backup authentication server +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This is a Unix-like password store, which stores hashed passwords in +``/etc/proxmox-backup/shadow.json``. Passwords are hashed using the SHA-256 +hashing algorithm. + +This is the most convenient realm for small-scale (or even mid-scale) +installations, where users do not need access to anything outside of Proxmox +Backup Server. In this case, users are fully managed by Proxmox Backup Server +and are able to change their own passwords via the GUI. + .. _user_realms_ldap: LDAP diff --git a/www/OnlineHelpInfo.js b/www/OnlineHelpInfo.js index 556e87e7..81613f62 100644 --- a/www/OnlineHelpInfo.js +++ b/www/OnlineHelpInfo.js @@ -431,6 +431,14 @@ const proxmoxOnlineHelpInfo = { "link": "/docs/user-management.html#user-tfa-lockout", "title": "Limits and Lockout of Two-Factor Authentication" }, + "user-realms-pam": { + "link": "/docs/user-management.html#user-realms-pam", + "title": "Linux PAM" + }, + "user-realms-pbs": { + "link": "/docs/user-management.html#user-realms-pbs", + "title": "Proxmox Backup authentication server" + }, "user-realms-ldap": { "link": "/docs/user-management.html#user-realms-ldap", "title": "LDAP" diff --git a/www/Utils.js b/www/Utils.js index 15724958..15503fe1 100644 --- a/www/Utils.js +++ b/www/Utils.js @@ -456,6 +456,7 @@ Ext.define('PBS.Utils', { pbs: { name: 'Proxmox Backup authentication server', ipanel: 'pmxAuthSimplePanel', + onlineHelp: 'user-realms-pam', add: false, edit: true, pwchange: true, -- 2.45.2 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel