From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id C15A08265B for ; Mon, 29 Nov 2021 18:30:24 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id BF85FD923 for ; Mon, 29 Nov 2021 18:30:24 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 40FF7D912 for ; Mon, 29 Nov 2021 18:30:23 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 1F5A145515 for ; Mon, 29 Nov 2021 18:30:23 +0100 (CET) From: Stoiko Ivanov To: pmg-devel@lists.proxmox.com Date: Mon, 29 Nov 2021 18:30:01 +0100 Message-Id: <20211129173001.292756-3-s.ivanov@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20211129173001.292756-1-s.ivanov@proxmox.com> References: <20211129173001.292756-1-s.ivanov@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.289 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pmg-devel] [PATCH pmg-docs 2/2] tfa: cleanup PVE specifics X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Nov 2021 17:30:24 -0000 Signed-off-by: Stoiko Ivanov --- pmgconfig.adoc | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/pmgconfig.adoc b/pmgconfig.adoc index 68ebae5..79c6415 100644 --- a/pmgconfig.adoc +++ b/pmgconfig.adoc @@ -975,8 +975,7 @@ You can set up multiple second factors, in order to avoid a situation in which losing your smartphone or security key locks you out of your account permanently. -The following two-factor authentication methods are available in addition to -realm-enforced TOTP and YubiKey OTP: +The following two-factor authentication methods are available: * User configured TOTP (https://en.wikipedia.org/wiki/Time-based_One-Time_Password[Time-based One-Time Password]). @@ -996,8 +995,7 @@ Configuration of Two-Factor ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Users can choose to enable 'TOTP' or 'WebAuthn' as a second factor on login, -via the 'TFA' button in the user list (unless the realm enforces 'YubiKey -OTP'). +via the 'TFA' button in the user list. Users can always add and use one time 'Recovery Keys'. @@ -1032,7 +1030,7 @@ field and pressing the 'Apply' button. For WebAuthn to work, you need to have two things: * A trusted HTTPS certificate (for example, by using - https://pve.proxmox.com/wiki/Certificate_Management[Let's Encrypt]). + xref:sysadmin_certs_get_trusted_acme_cert[Let's Encrypt]). While it probably works with an untrusted certificate, some browsers may warn or refuse WebAuthn operations if it is not trusted. * Setup the WebAuthn configuration (see *User Management -> Two Factor -> -- 2.30.2