X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=PVE%2FAPI2%2FDomains.pm;h=f78acbd13a0548f5d1e307905446d2793661db55;hp=10515c0da9f3cc43e9d8b46b6ef217466eedcd5b;hb=6084476178d2db030378ef402b9ba5a70df52d1e;hpb=5bb4e06a6440c8b67e67e14de9e42ba17a966b23

diff --git a/PVE/API2/Domains.pm b/PVE/API2/Domains.pm
index 10515c0..f78acbd 100644
--- a/PVE/API2/Domains.pm
+++ b/PVE/API2/Domains.pm
@@ -34,6 +34,13 @@ __PACKAGE__->register_method ({
 	    type => "object",
 	    properties => {
 		realm => { type => 'string' },
+		tfa => {
+		    description => "Two-factor authentication provider.",
+		    type => 'string',
+		    enum => [ 'yubico', 'oath' ],
+		    optional => 1,
+		},
+		comment => { type => 'string', optional => 1 },
 		comment => { type => 'string', optional => 1 },
 	    },
 	},
@@ -52,6 +59,9 @@ __PACKAGE__->register_method ({
 	    my $entry = { realm => $realm, type => $d->{type} };
 	    $entry->{comment} = $d->{comment} if $d->{comment};
 	    $entry->{default} = 1 if $d->{default};
+	    if ($d->{tfa} && (my $tfa_cfg = PVE::Auth::Plugin::parse_tfa_config($d->{tfa}))) {
+		$entry->{tfa} = $tfa_cfg->{type};
+	    }
 	    push @$res, $entry;
 	}
 
@@ -132,9 +142,6 @@ __PACKAGE__->register_method ({
 
 		my $realm = extract_param($param, 'realm');
 
-		die "unable to modify bultin domain '$realm'\n"
-		    if ($realm eq 'pam' || $realm eq 'pve');
-
 		die "domain '$realm' does not exist\n" 
 		    if !$ids->{$realm};