X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=pveum.adoc;h=37347e6fc1ce803a6ca65da13da5d5d03a9d82fc;hb=0dcd22f5da4f1a78853c7689363b3de08f8c81a5;hp=1447d3832b04b23459f2ea0a7a68665a0b837139;hpb=2837cf1d93d0ca99e18edfd72ada0b966f5268a8;p=pve-docs.git diff --git a/pveum.adoc b/pveum.adoc index 1447d38..37347e6 100644 --- a/pveum.adoc +++ b/pveum.adoc @@ -147,6 +147,7 @@ ldap an optional fallback server, optional port, and SSL encryption can be configured. +[[pveum_tfa_auth]] Two factor authentication ------------------------- @@ -199,12 +200,15 @@ https://www.yubico.com/products/services-software/yubicloud/[YubiCloud] or https://developers.yubico.com/Software_Projects/YubiKey_OTP/YubiCloud_Validation_Servers/[ host your own verification server]. +[[pveum_user_configured_totp]] User configured TOTP authentication ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A user can choose to use 'TOTP' as a second factor on login via the 'TFA' button in the user list, unless the realm enforces 'YubiKey OTP'. +[thumbnail="screenshot/gui-datacenter-users-tfa.png"] + After opening the 'TFA' window, the user is presented with a dialog to setup 'TOTP' authentication. The 'Secret' field contains the key, which can simply be generated randomly via the 'Randomize' button. An optional 'Issuer Name' can be @@ -254,6 +258,7 @@ situation where this does not happen, particularly when using a top level domain recommended to test the configuration with multiple browsers, as changing the 'AppId' later will render existing 'U2F' registrations unusable. +[[pveum_user_configured_u2f]] Activating U2F as a user ~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -305,9 +310,15 @@ of predefined roles which satisfies most needs. You can see the whole set of predefined roles on the GUI. -Adding new roles can be done via both GUI and the command line, like -this: +Adding new roles can be done via both GUI and the command line. +[thumbnail="screenshot/gui-datacenter-role-add.png"] +For the GUI just navigate to 'Permissions -> User' Tab from 'Datacenter' and +click on the 'Create' button, there you can set a name and select all desired +roles from the 'Privileges' dropdown box. + +To add a role through the command line you can use the 'pveum' CLI tool, like +this: [source,bash] ---- pveum roleadd PVE_Power-only -privs "VM.PowerMgmt VM.Console" @@ -431,7 +442,7 @@ Each(`and`) or any(`or`) further element in the current list has to be true. `["perm", , [ ... ], ...]`:: The `path` is a templated parameter (see -<>). All (or , if the `any` +<>). All (or, if the `any` option is used, any) of the listed privileges must be allowed on the specified path. If a `require-param` option is specified, then its specified parameter is required even if the @@ -478,10 +489,10 @@ Command Line Tool ----------------- Most users will simply use the GUI to manage users. But there is also -a full featured command line tool called `pveum` (short for ``**P**roxmox +a fully featured command line tool called `pveum` (short for ``**P**roxmox **VE** **U**ser **M**anager''). Please note that all Proxmox VE command line tools are wrappers around the API, so you can also access those -function through the REST API. +functions through the REST API. Here are some simple usage examples. To show help type:
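Review bot: in the `@@ -199,12 +200,15 @@` hunk, the added `[thumbnail="screenshot/gui-datacenter-users-tfa.png"]` line is followed by an added blank line, whereas the `[thumbnail="screenshot/gui-datacenter-role-add.png"]` line in the `@@ -305,9 +310,15 @@` hunk is followed directly by its paragraph. Please use one form in both places so each screenshot is attached to the paragraph it illustrates; here that would mean dropping the blank line so the attribute sits directly above "After opening the 'TFA' window".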
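Review bot: in the `@@ -305,9 +310,15 @@` hunk, the new GUI paragraph for adding a role sends the reader to the 'Permissions -> User' tab and tells them to "select all desired roles from the 'Privileges' dropdown box". For a role-creation step (the screenshot added just above it is `gui-datacenter-role-add.png`) this looks like it should name the roles tab rather than the user tab, and say "select all desired privileges". This paragraph tells administrators what they are granting, so the terms should match the CLI example that follows (`-privs "VM.PowerMgmt VM.Console"`). The comma splice after "click on the 'Create' button" would also read better as two sentences.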