[pve-devel] [PATCH access-control 0/3] improve tfa config locking

Thomas Lamprecht t.lamprecht at proxmox.com
Fri Oct 21 13:32:14 CEST 2022

Am 21/10/2022 um 10:06 schrieb Wolfgang Bumiller:
>> my suggestion for the 'let users not login in non-quorate cluster' would
>> be to maybe add a flag to the users that must be explicitely enabled
>> for them to login, so that e.g. some admin users can always login, but
>> normal users cannot (i got no real feedback on that idea in the
>> conversation of the last version of this sadly..)
> I think it makes sense. Eg. you may not want to expose ssh access
> publicly but need the UI - then at least root could access the shell
> over the UI to fix stuff, while for other users we can never be sure
> they're actually still valid. Although we could argue @pam users should
> be allowed to login as well, since those are machine-local after all?
> But as far as I'm concerned, even root at pam-only for non-quorate nodes
> would make enough sense.

That's something else than the flag Dominik proposed though, would special
case @pam yet another time, but at least it has some arguments and make more
sense than we do for the host shell... Biggest benefit, no config required
at all.

So yeah that in form of an implementation and docs patch would be nice.

More information about the pve-devel mailing list