[pve-devel] [RFC PATCH access-control] loosen locking restriction for users without tfa configured

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Sep 15 12:43:46 CEST 2022


Am 14/09/2022 um 15:42 schrieb Dominik Csapak:
> The downside is that we cannot authenticate users anymore without quorum
> (since locking requires write access to pmxcfs), even for users without
> tfa configured (and also for clusters without any tfa configured at all)

question is more if we should disallow login on unquorate clusters for all
but root at pam, as for all others you cannot be sure if they still got the
permissions and for the pve realm the credentials are still correct, or
if the non-existing TFA entry is still up-to-date (the quorate partition
could have TFA configured for that user since cluster split).

root at pam is a hard-coded super admin and verified via PAM, which normally
should be pmxcfs, and thus quorum, independent, at least if nobody was crazy
enough to link /etc/shadow to a file in pmxcfs or wrote a PAM that works 
on pmxcfs info in other ways.





More information about the pve-devel mailing list