[PVE-User] Host console access with realm different from PAM
Thomas Lamprecht
t.lamprecht at proxmox.com
Mon Mar 27 13:35:05 CEST 2023
Hi,
Am 23/03/2023 um 11:30 schrieb Mariusz Suchodolski:
> Is custom realm <-> pam mapping in plans?
Not sure what you mean here exactly..
>
> We've setup Azure AD authentication but attempting to connect to one of the
> virtualization hosts yields the following message when attempting to access
> console:
>
> Connection failed (Error 403: Permission check failed (realm aad ! = pam) )
Yeah, this is a bit of an odd virtual limitations, and I'd be open to drop
those is-realm-pam checks completely; having Sys.Console and password of a
system user (root, or some ldap exposed system user) for login into the shell
is really enough.
As we try to avoid doing ACL changes with potential implications on a rolling
package update, I'd prefer doing this on the next major release, e.g. PVE 8.0
this year; as there we can add a more prominent entry in the changelogs "noteable
changes" section.
I checked quickly, but it doesn't seem we have a request for this logged in our
bugzilla (#2170 is sounding close but effectively wants something different), so
you could open a enhancement request to keep track of this at:
https://bugzilla.proxmox.com/
- Thomas
More information about the pve-user
mailing list