From: Christoph Heiss <c.heiss@proxmox.com>
To: Markus Frank <m.frank@proxmox.com>
Cc: pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] [PATCH pve-common/proxmox-perl-rs/pmg-api/pmg-gui v3 0/8] fix #3892: OpenID
Date: Fri, 22 Nov 2024 10:12:15 +0100 [thread overview]
Message-ID: <ohu4ixitjhxht7tpjskog5mgzqzsygpqahsfcfsnlzz4iqijqm@7cdgsj47cwwu> (raw)
In-Reply-To: <d6d1732b-f9a1-4790-99b9-faf7ace2430d@proxmox.com>
On Thu, Nov 14, 2024 at 05:19:38PM +0100, Markus Frank wrote:
> Thanks for the review and sorry for the late reply.
>
> Comments inline:
>
> On 2024-10-09 13:30, Christoph Heiss wrote:
> > Just tested this series using Keycloak 26.0.0 as an OpenID provider.
> > [..]
> >
> > I noticed however that there seems to be no dedicated PAM realm in the
> > login window, only PMG authentication server - but you can still login
> > with PAM credentials. These two should be real separate realms, much
> > like we have it for PVE/PBS.
> But you can only login as root with PAM afaict.
> Should we separate it just for the root user or are we planning to add PAM login for other users?
Hm, not sure - or at least not for me to decide.
But - it was a bit surprising/confusing, since you can set PMG as
authentication realm and then use root (at) pam as username. Especially
also when comparing to PVE/PBS, how it works there.
I guess just for the sake of consistency between products would be worth
it to split them. Although user creation/management for such a PAM realm
can be left for later, as to not explode this series.
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
prev parent reply other threads:[~2024-11-22 9:12 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-24 9:08 Markus Frank
2024-06-24 9:08 ` [pmg-devel] [PATCH pve-common v3 1/8] add Schema package with auth module that contains realm sync options Markus Frank
2024-06-24 9:08 ` [pmg-devel] [PATCH proxmox-perl-rs v3 2/8] move openid code from pve-rs to common Markus Frank
2024-10-09 11:30 ` Christoph Heiss
2024-06-24 9:08 ` [pmg-devel] [PATCH proxmox-perl-rs v3 3/8] remove empty PMG::RS::OpenId package to avoid confusion Markus Frank
2024-06-24 9:08 ` [pmg-devel] [PATCH pmg-api v3 4/8] config: add plugin system for realms & add openid type realms Markus Frank
2024-10-10 8:46 ` Christoph Heiss
2024-10-18 12:07 ` Christoph Heiss
2024-06-24 9:08 ` [pmg-devel] [PATCH pmg-api v3 5/8] api: add/update/remove realms like in PVE Markus Frank
2024-06-24 9:08 ` [pmg-devel] [PATCH pmg-api v3 6/8] api: openid login similar to PVE Markus Frank
2024-06-24 9:08 ` [pmg-devel] [PATCH pmg-gui v3 7/8] login: add OpenID realms Markus Frank
2024-06-24 9:08 ` [pmg-devel] [PATCH pmg-gui v3 8/8] add panel for realms to User Management Markus Frank
2024-10-09 11:30 ` [pmg-devel] [PATCH pve-common/proxmox-perl-rs/pmg-api/pmg-gui v3 0/8] fix #3892: OpenID Christoph Heiss
2024-11-14 16:19 ` Markus Frank
2024-11-22 9:12 ` Christoph Heiss [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ohu4ixitjhxht7tpjskog5mgzqzsygpqahsfcfsnlzz4iqijqm@7cdgsj47cwwu \
--to=c.heiss@proxmox.com \
--cc=m.frank@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox