From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 8ED8861128 for ; Wed, 2 Dec 2020 14:15:58 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 824BB1C1BA for ; Wed, 2 Dec 2020 14:15:58 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 093C81C1B0 for ; Wed, 2 Dec 2020 14:15:58 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id B77A044812 for ; Wed, 2 Dec 2020 14:15:57 +0100 (CET) To: Proxmox Backup Server development discussion , Wolfgang Bumiller References: <20201119145608.16866-1-w.bumiller@proxmox.com> <20201202105650.GA7591@gaia.proxmox.com> <4c361a22-5caa-db5e-66b9-046638048fd5@proxmox.com> <20201202123556.GE7591@gaia.proxmox.com> <1961513443.536.1606913516008@webmail.proxmox.com> From: Thomas Lamprecht Message-ID: Date: Wed, 2 Dec 2020 14:15:56 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:84.0) Gecko/20100101 Thunderbird/84.0 MIME-Version: 1.0 In-Reply-To: <1961513443.536.1606913516008@webmail.proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL -0.075 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -0.001 Looks like a legit reply (A) RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pbs-devel] [RFC backup 0/6] Two factor authentication X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Dec 2020 13:15:58 -0000 On 02.12.20 13:51, Wolfgang Bumiller wrote: >> On 12/02/2020 1:35 PM Oguz Bektas wrote: >> >> =20 >> On Wed, Dec 02, 2020 at 01:27:47PM +0100, Thomas Lamprecht wrote: >>>> 2. do not store recovery codes in cleartext (hash them instead, we t= hought >>>> hmac-sha256 is fine). the reason being that recovery codes can bypas= s >>>> other tfa methods so they shouldn't be visible >>> >>> make sense, would expect them to be hashed >=20 > FWIW TOTP secrets can't be hashes since they're supposed to be, > well, a shared secret yeah sure, above talks about recovery keys though. >=20 >>>> >>>> 3. don't store all the tfa information in a single json file. >>>> >>> >>> makes no sense to me, any reason you mention below can happen to arbi= trary >>> files, so just adds complexity while not gaining anything. >=20 > Complexity is the wrong argument. The question is mainly whether we pre= fer > lots of small or one big file. For PBS it's not even that important. It= 'll > be more important when we add bindings for this to PVE where the file s= izes > are limited. No complexity is seldom the wrong argument, it may not be enough on its o= wn though. >=20 > With a file per user it's also easier for an admin to work on the files= > directly. And if we want to add counters, limitations or eg. store date= & ip > of the last time an entry was used, we won't be locking one big file at= login > time. Not that I expect millions of concurrent logins to be happening ;= -) We create a confusing split view, all user info are concentrated into sin= gle files per type, user.cfg, acl.cfg, shadow.json, etc. just TFA wants to be a uni= corn and split it up in files per user - seems rather inconsistent. And, admins should resort to working on files directly as a last measurem= ent, CLI tools and the GUI should be preferred, *always*, so that's a moot point.