proxmox-mirrors/pve-docs
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-docs synced 2025-04-30 06:12:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

user management: clarify that password changes for PAM realm only apply to local node

Browse Source 
Reported in the community forum:
https://forum.proxmox.com/threads/158518/

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
This commit is contained in:
Fiona Ebner 2024-12-04 12:37:08 +01:00 committed by Thomas Lamprecht
parent 5107b302d3
commit 2ad2c765e9
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pveum.adoc
View File

@ -170,8 +170,14 @@ Linux PAM Standard Authentication
As Linux PAM corresponds to host system users, a system user must exist on each As Linux PAM corresponds to host system users, a system user must exist on each
node which the user is allowed to log in on. The user authenticates with their node which the user is allowed to log in on. The user authenticates with their
usual system password. This realm is added by default and can't be removed. In usual system password. This realm is added by default and can't be removed.
terms of configurability, an administrator can choose to require two-factor
Password changes via the GUI or, equivalently, the `/access/password` API
endpoint only apply to the local node and not cluster-wide. Even though {pve}
has a multi-master design, using different passwords for different nodes can
still offer a security benefit.
In terms of configurability, an administrator can choose to require two-factor
authentication with logins from the realm and to set the realm as the default authentication with logins from the realm and to set the realm as the default
authentication realm. authentication realm.