From d977da6411c3b1b17a0fcea5807cba72645452d6 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Fri, 21 Mar 2025 14:45:41 +0100 Subject: [PATCH] docs: user-management: document `pam` and `pbs` authentication realm Mostly taken from pve-docs and adapted as needed. Signed-off-by: Christoph Heiss Reviewed-by: Lukas Wagner Tested-by: Lukas Wagner --- docs/user-management.rst | 30 ++++++++++++++++++++++++++++-- www/OnlineHelpInfo.js | 8 ++++++++ www/Utils.js | 1 + 3 files changed, 37 insertions(+), 2 deletions(-) diff --git a/docs/user-management.rst b/docs/user-management.rst index c670cbf6..17ef6f75 100644 --- a/docs/user-management.rst +++ b/docs/user-management.rst @@ -16,8 +16,8 @@ User Configuration choose the realm when you add a new user. Possible realms are: :pam: Linux PAM standard authentication. Use this if you want to - authenticate as a Linux system user (users need to exist on the - system). + authenticate as a Linux system user. The users needs to already exist on + the host system. :pbs: Proxmox Backup Server realm. This type stores hashed passwords in ``/etc/proxmox-backup/shadow.json``. @@ -599,6 +599,32 @@ list view in the web UI, or using the command line: Authentication Realms --------------------- +.. _user_realms_pam: + +Linux PAM +~~~~~~~~~ + +Linux PAM is a framework for system-wide user authentication. These users are +created on the host system with commands such as ``adduser``. + +If PAM users exist on the host system, corresponding entries can be added to +Proxmox Backup Server, to allow these users to log in via their system username +and password. + +.. _user_realms_pbs: + +Proxmox Backup authentication server +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This is a Unix-like password store, which stores hashed passwords in +``/etc/proxmox-backup/shadow.json``. Passwords are hashed using the SHA-256 +hashing algorithm. + +This is the most convenient realm for small-scale (or even mid-scale) +installations, where users do not need access to anything outside of Proxmox +Backup Server. In this case, users are fully managed by Proxmox Backup Server +and are able to change their own passwords via the GUI. + .. _user_realms_ldap: LDAP diff --git a/www/OnlineHelpInfo.js b/www/OnlineHelpInfo.js index ebb524e4..175c230f 100644 --- a/www/OnlineHelpInfo.js +++ b/www/OnlineHelpInfo.js @@ -479,6 +479,14 @@ const proxmoxOnlineHelpInfo = { "link": "/docs/user-management.html#user-tfa-lockout", "title": "Limits and Lockout of Two-Factor Authentication" }, + "user-realms-pam": { + "link": "/docs/user-management.html#user-realms-pam", + "title": "Linux PAM" + }, + "user-realms-pbs": { + "link": "/docs/user-management.html#user-realms-pbs", + "title": "Proxmox Backup authentication server" + }, "user-realms-ldap": { "link": "/docs/user-management.html#user-realms-ldap", "title": "LDAP" diff --git a/www/Utils.js b/www/Utils.js index 7e1ae651..cea69ffc 100644 --- a/www/Utils.js +++ b/www/Utils.js @@ -458,6 +458,7 @@ Ext.define('PBS.Utils', { pbs: { name: 'Proxmox Backup authentication server', ipanel: 'pmxAuthSimplePanel', + onlineHelp: 'user-realms-pbs', add: false, edit: true, pwchange: true,