* [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs
@ 2021-11-29 17:29 Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa Stoiko Ivanov
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2021-11-29 17:29 UTC (permalink / raw)
To: pmg-devel
the first patchadds a short note regarding cluster creation not being
possible if the root user has tfa enabled, to both the user and cluster
docs
the second patch removes a few PVE specifics not applicable to PMG from the
tfa docs
Stoiko Ivanov (2):
tfa: add notes regarding cluster creation and tfa
tfa: cleanup PVE specifics
pmgcm.adoc | 4 ++++
pmgconfig.adoc | 12 +++++++-----
2 files changed, 11 insertions(+), 5 deletions(-)
--
2.30.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa
2021-11-29 17:29 [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs Stoiko Ivanov
@ 2021-11-29 17:30 ` Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 2/2] tfa: cleanup PVE specifics Stoiko Ivanov
2021-12-01 10:22 ` [pmg-devel] applied-series: [PATCH pmg-docs 0/2] minor cleanup of tfa docs Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2021-11-29 17:30 UTC (permalink / raw)
To: pmg-devel
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
pmgcm.adoc | 4 ++++
pmgconfig.adoc | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/pmgcm.adoc b/pmgcm.adoc
index 2e93d3a..9a7aa7f 100644
--- a/pmgcm.adoc
+++ b/pmgcm.adoc
@@ -261,6 +261,10 @@ a password. When joining a cluster using the GUI, you also need to
enter the 'fingerprint' of the master node. You can get this information
by pressing the `Add` button on the master node.
+NOTE: Joining a cluster, with enabled two-factor authentication for the
+`root` user is not supported - remove the second factor while joining the
+cluster.
+
CAUTION: Node initialization deletes all existing databases, stops all
services accessing the database and then restarts them. Therefore, do
not add nodes which are already active and receive mail.
diff --git a/pmgconfig.adoc b/pmgconfig.adoc
index eaf0cc0..68ebae5 100644
--- a/pmgconfig.adoc
+++ b/pmgconfig.adoc
@@ -964,6 +964,10 @@ Two-Factor Authentication
Users of the admin interface can configure two-factor authentication to
increase protection of their accounts.
+NOTE: Joining a cluster, with enabled two-factor authentication for the
+`root` user is not supported - remove the second factor while joining the
+cluster.
+
Available Second Factors
~~~~~~~~~~~~~~~~~~~~~~~~
--
2.30.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pmg-devel] [PATCH pmg-docs 2/2] tfa: cleanup PVE specifics
2021-11-29 17:29 [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa Stoiko Ivanov
@ 2021-11-29 17:30 ` Stoiko Ivanov
2021-12-01 10:22 ` [pmg-devel] applied-series: [PATCH pmg-docs 0/2] minor cleanup of tfa docs Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2021-11-29 17:30 UTC (permalink / raw)
To: pmg-devel
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
pmgconfig.adoc | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/pmgconfig.adoc b/pmgconfig.adoc
index 68ebae5..79c6415 100644
--- a/pmgconfig.adoc
+++ b/pmgconfig.adoc
@@ -975,8 +975,7 @@ You can set up multiple second factors, in order to avoid a situation in which
losing your smartphone or security key locks you out of your account
permanently.
-The following two-factor authentication methods are available in addition to
-realm-enforced TOTP and YubiKey OTP:
+The following two-factor authentication methods are available:
* User configured TOTP
(https://en.wikipedia.org/wiki/Time-based_One-Time_Password[Time-based One-Time Password]).
@@ -996,8 +995,7 @@ Configuration of Two-Factor
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Users can choose to enable 'TOTP' or 'WebAuthn' as a second factor on login,
-via the 'TFA' button in the user list (unless the realm enforces 'YubiKey
-OTP').
+via the 'TFA' button in the user list.
Users can always add and use one time 'Recovery Keys'.
@@ -1032,7 +1030,7 @@ field and pressing the 'Apply' button.
For WebAuthn to work, you need to have two things:
* A trusted HTTPS certificate (for example, by using
- https://pve.proxmox.com/wiki/Certificate_Management[Let's Encrypt]).
+ xref:sysadmin_certs_get_trusted_acme_cert[Let's Encrypt]).
While it probably works with an untrusted certificate, some browsers may
warn or refuse WebAuthn operations if it is not trusted.
* Setup the WebAuthn configuration (see *User Management -> Two Factor ->
--
2.30.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pmg-devel] applied-series: [PATCH pmg-docs 0/2] minor cleanup of tfa docs
2021-11-29 17:29 [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 2/2] tfa: cleanup PVE specifics Stoiko Ivanov
@ 2021-12-01 10:22 ` Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2021-12-01 10:22 UTC (permalink / raw)
To: Stoiko Ivanov, pmg-devel
On 29.11.21 18:29, Stoiko Ivanov wrote:
> the first patchadds a short note regarding cluster creation not being
> possible if the root user has tfa enabled, to both the user and cluster
> docs
>
> the second patch removes a few PVE specifics not applicable to PMG from the
> tfa docs
>
> Stoiko Ivanov (2):
> tfa: add notes regarding cluster creation and tfa
> tfa: cleanup PVE specifics
>
> pmgcm.adoc | 4 ++++
> pmgconfig.adoc | 12 +++++++-----
> 2 files changed, 11 insertions(+), 5 deletions(-)
>
applied, thanks! I reworded the note slightly to (hopefully) slightly less complex
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-12-01 10:22 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-29 17:29 [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 2/2] tfa: cleanup PVE specifics Stoiko Ivanov
2021-12-01 10:22 ` [pmg-devel] applied-series: [PATCH pmg-docs 0/2] minor cleanup of tfa docs Thomas Lamprecht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox