public inbox for pmg-devel@lists.proxmox.com
 help / color / mirror / Atom feed
* [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs
@ 2021-11-29 17:29 Stoiko Ivanov
  2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa Stoiko Ivanov
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2021-11-29 17:29 UTC (permalink / raw)
  To: pmg-devel

the first patchadds a short note regarding cluster creation not being
possible if the root user has tfa enabled, to both the user and cluster
docs

the second patch removes a few PVE specifics not applicable to PMG from the
tfa docs

Stoiko Ivanov (2):
  tfa: add notes regarding cluster creation and tfa
  tfa: cleanup PVE specifics

 pmgcm.adoc     |  4 ++++
 pmgconfig.adoc | 12 +++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

-- 
2.30.2





^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa
  2021-11-29 17:29 [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs Stoiko Ivanov
@ 2021-11-29 17:30 ` Stoiko Ivanov
  2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 2/2] tfa: cleanup PVE specifics Stoiko Ivanov
  2021-12-01 10:22 ` [pmg-devel] applied-series: [PATCH pmg-docs 0/2] minor cleanup of tfa docs Thomas Lamprecht
  2 siblings, 0 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2021-11-29 17:30 UTC (permalink / raw)
  To: pmg-devel

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 pmgcm.adoc     | 4 ++++
 pmgconfig.adoc | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/pmgcm.adoc b/pmgcm.adoc
index 2e93d3a..9a7aa7f 100644
--- a/pmgcm.adoc
+++ b/pmgcm.adoc
@@ -261,6 +261,10 @@ a password. When joining a cluster using the GUI, you also need to
 enter the 'fingerprint' of the master node. You can get this information
 by pressing the `Add` button on the master node.
 
+NOTE: Joining a cluster, with enabled two-factor authentication for the
+`root` user is not supported - remove the second factor while joining the
+cluster.
+
 CAUTION: Node initialization deletes all existing databases, stops all
 services accessing the database and then restarts them. Therefore, do
 not add nodes which are already active and receive mail.
diff --git a/pmgconfig.adoc b/pmgconfig.adoc
index eaf0cc0..68ebae5 100644
--- a/pmgconfig.adoc
+++ b/pmgconfig.adoc
@@ -964,6 +964,10 @@ Two-Factor Authentication
 Users of the admin interface can configure two-factor authentication to
 increase protection of their accounts.
 
+NOTE: Joining a cluster, with enabled two-factor authentication for the
+`root` user is not supported - remove the second factor while joining the
+cluster.
+
 Available Second Factors
 ~~~~~~~~~~~~~~~~~~~~~~~~
 
-- 
2.30.2





^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pmg-devel] [PATCH pmg-docs 2/2] tfa: cleanup PVE specifics
  2021-11-29 17:29 [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs Stoiko Ivanov
  2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa Stoiko Ivanov
@ 2021-11-29 17:30 ` Stoiko Ivanov
  2021-12-01 10:22 ` [pmg-devel] applied-series: [PATCH pmg-docs 0/2] minor cleanup of tfa docs Thomas Lamprecht
  2 siblings, 0 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2021-11-29 17:30 UTC (permalink / raw)
  To: pmg-devel

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 pmgconfig.adoc | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/pmgconfig.adoc b/pmgconfig.adoc
index 68ebae5..79c6415 100644
--- a/pmgconfig.adoc
+++ b/pmgconfig.adoc
@@ -975,8 +975,7 @@ You can set up multiple second factors, in order to avoid a situation in which
 losing your smartphone or security key locks you out of your account
 permanently.
 
-The following two-factor authentication methods are available in addition to
-realm-enforced TOTP and YubiKey OTP:
+The following two-factor authentication methods are available:
 
 * User configured TOTP
   (https://en.wikipedia.org/wiki/Time-based_One-Time_Password[Time-based One-Time Password]).
@@ -996,8 +995,7 @@ Configuration of Two-Factor
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Users can choose to enable 'TOTP' or 'WebAuthn' as a second factor on login,
-via the 'TFA' button in the user list (unless the realm enforces 'YubiKey
-OTP').
+via the 'TFA' button in the user list.
 
 Users can always add and use one time 'Recovery Keys'.
 
@@ -1032,7 +1030,7 @@ field and pressing the 'Apply' button.
 For WebAuthn to work, you need to have two things:
 
 * A trusted HTTPS certificate (for example, by using
-  https://pve.proxmox.com/wiki/Certificate_Management[Let's Encrypt]).
+  xref:sysadmin_certs_get_trusted_acme_cert[Let's Encrypt]).
   While it probably works with an untrusted certificate, some browsers may
   warn or refuse WebAuthn operations if it is not trusted.
 * Setup the WebAuthn configuration (see *User Management -> Two Factor ->
-- 
2.30.2





^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pmg-devel] applied-series: [PATCH pmg-docs 0/2] minor cleanup of tfa docs
  2021-11-29 17:29 [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs Stoiko Ivanov
  2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa Stoiko Ivanov
  2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 2/2] tfa: cleanup PVE specifics Stoiko Ivanov
@ 2021-12-01 10:22 ` Thomas Lamprecht
  2 siblings, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2021-12-01 10:22 UTC (permalink / raw)
  To: Stoiko Ivanov, pmg-devel

On 29.11.21 18:29, Stoiko Ivanov wrote:
> the first patchadds a short note regarding cluster creation not being
> possible if the root user has tfa enabled, to both the user and cluster
> docs
> 
> the second patch removes a few PVE specifics not applicable to PMG from the
> tfa docs
> 
> Stoiko Ivanov (2):
>   tfa: add notes regarding cluster creation and tfa
>   tfa: cleanup PVE specifics
> 
>  pmgcm.adoc     |  4 ++++
>  pmgconfig.adoc | 12 +++++++-----
>  2 files changed, 11 insertions(+), 5 deletions(-)
> 

applied, thanks! I reworded the note slightly to (hopefully) slightly less complex




^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-12-01 10:22 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-29 17:29 [pmg-devel] [PATCH pmg-docs 0/2] minor cleanup of tfa docs Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 1/2] tfa: add notes regarding cluster creation and tfa Stoiko Ivanov
2021-11-29 17:30 ` [pmg-devel] [PATCH pmg-docs 2/2] tfa: cleanup PVE specifics Stoiko Ivanov
2021-12-01 10:22 ` [pmg-devel] applied-series: [PATCH pmg-docs 0/2] minor cleanup of tfa docs Thomas Lamprecht

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal