proxmox-mirrors/pmg-docs
1
0
Fork 0
mirror of https://git.proxmox.com/git/pmg-docs synced 2025-07-26 01:11:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tfa: cleanup PVE specifics

Browse Source 
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
This commit is contained in:
Stoiko Ivanov 2021-11-29 18:30:01 +01:00 committed by Thomas Lamprecht
parent 1a4f84072c
commit c4f5ee141c
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pmgconfig.adoc
View File

@ -974,8 +974,7 @@ You can set up multiple second factors, in order to avoid a situation in which
losing your smartphone or security key locks you out of your account losing your smartphone or security key locks you out of your account
permanently. permanently.
The following two-factor authentication methods are available in addition to The following two-factor authentication methods are available:
realm-enforced TOTP and YubiKey OTP:
* User configured TOTP * User configured TOTP
(https://en.wikipedia.org/wiki/Time-based_One-Time_Password[Time-based One-Time Password]). (https://en.wikipedia.org/wiki/Time-based_One-Time_Password[Time-based One-Time Password]).
@ -995,8 +994,7 @@ Configuration of Two-Factor
~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Users can choose to enable 'TOTP' or 'WebAuthn' as a second factor on login, Users can choose to enable 'TOTP' or 'WebAuthn' as a second factor on login,
via the 'TFA' button in the user list (unless the realm enforces 'YubiKey via the 'TFA' button in the user list.
OTP').
Users can always add and use one time 'Recovery Keys'. Users can always add and use one time 'Recovery Keys'.
@ -1031,7 +1029,7 @@ field and pressing the 'Apply' button.
For WebAuthn to work, you need to have two things: For WebAuthn to work, you need to have two things:
* A trusted HTTPS certificate (for example, by using * A trusted HTTPS certificate (for example, by using
https://pve.proxmox.com/wiki/Certificate_Management[Let's Encrypt]). xref:sysadmin_certs_get_trusted_acme_cert[Let's Encrypt]).
While it probably works with an untrusted certificate, some browsers may While it probably works with an untrusted certificate, some browsers may
warn or refuse WebAuthn operations if it is not trusted. warn or refuse WebAuthn operations if it is not trusted.
* Setup the WebAuthn configuration (see *User Management -> Two Factor -> * Setup the WebAuthn configuration (see *User Management -> Two Factor ->