From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pbs-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 501401FF15C
	for <inbox@lore.proxmox.com>; Wed,  7 Aug 2024 11:24:18 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id EE43C3387;
	Wed,  7 Aug 2024 11:24:27 +0200 (CEST)
Message-ID: <d368ccd2-5c2f-4054-aa2d-4299c2d52b6d@proxmox.com>
Date: Wed, 7 Aug 2024 11:23:55 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
From: Lukas Wagner <l.wagner@proxmox.com>
To: Proxmox Backup Server development discussion
 <pbs-devel@lists.proxmox.com>, Christoph Heiss <c.heiss@proxmox.com>
References: <20240716134514.1656795-1-c.heiss@proxmox.com>
Content-Language: de-AT, en-US
In-Reply-To: <20240716134514.1656795-1-c.heiss@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.007 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pbs-devel] [PATCH proxmox-backup/pwt 0/14] fix #5379:
 introduce default auth realm option
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Backup Server development discussion
 <pbs-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pbs-devel-bounces@lists.proxmox.com
Sender: "pbs-devel" <pbs-devel-bounces@lists.proxmox.com>



On  2024-07-16 15:44, Christoph Heiss wrote:
> Fixes #5379 [0].
> 
> First, it adds an updatable `default` field to all existing editable
> realms. Then it converts the PAM and PBS built-in realms to proper
> realms, instead of being hard-coded in-between somewhere. 
> In turns this enables editing of these realms, allowing setting whether
> these realms should be the default for login or not.
> 
> For proxmox-widget-toolkit, the first four patches could in principal be
> applied on their own. The others depend on the API changes as introduced
> in the proxmox-backup part.
> 
> W.r.t. to applying, proxmox-backup will need a bump of
> proxmox-widget-toolkit afterwards.

Codewise it looks good (apart from some tiny tiny nits), so consider this:

Reviewed-by: Lukas Wagner <l.wagner@proxmox.com>

I also tested this on the latest master branch. Here is what I did:
 - Set the PBS realm as default
 - Add a new user to the PBS realm, for good measure
 - Logout
 - Make sure PBS is selected on the login page

I found that once you select PAM again and log in as root, the PAM realm will
be selected on next login again (even though 'save user' is not selected).
This seems to happen because the ext-pbs-pveloginrealm:"o%3Avalue%3Ds%253Apam"
key is set in local storage. If that one is cleared, it works again.
So it seems like we are interfering with the statefulness of the login widget.

Could you check if you can reproduce that?

-- 
- Lukas


_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel