There are 2 special authentication domains name 'pve' and 'pam':
- * pve: stores paswords to "/etc/pve/priv/shadow.cfg" (SHA256 crypt);
+ * pve: stores passwords to "/etc/pve/priv/shadow.cfg" (SHA256 crypt);
* pam: use unix 'pam'
role:
- defines a sets of priviledges
+ defines a sets of privileges
predefined roles:
Object: A Virtual machine, Network (bridge, venet), Hosts, Host Memory, Storage, ...
-We can identify our objects by an unique (file system like) path, which also defines a tree like hierarchy relation. ACL can be inherited. Permissions are inherited if the propagate flag is set on the parent. Child permissions always overwrite inherited permissions. User permission takes precedence over all group permissions. If multiple group permission apply the resulting role is the union of all those group priviledges.
+We can identify our objects by an unique (file system like) path, which also defines a tree like hierarchy relation. ACL can be inherited. Permissions are inherited if the propagate flag is set on the parent. Child permissions always overwrite inherited permissions. User permission takes precedence over all group permissions. If multiple group permission apply the resulting role is the union of all those group privileges.
There is at most one object permission per user or group
* add realm sub commands to pveum CLI tool
- * api: domains: add user group sync API enpoint
+ * api: domains: add user group sync API endpoint
* allow one to sync and import users and groups from LDAP/AD based realms
libpve-access-control (5.1-9) unstable; urgency=medium
* store the tfa type in user.cfg allowing to get it without proxying the call
- to a higher priviledged daemon.
+ to a higher privileged daemon.
* tfa: realm required TFA should lock out users without TFA configured, as it
was done before Proxmox VE 5.4
libpve-access-control (3.0-3) unstable; urgency=low
- * Add new role PVETemplateUser (and VM.Clone priviledge)
+ * Add new role PVETemplateUser (and VM.Clone privilege)
-- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
libpve-access-control (1.0-18) unstable; urgency=low
- * fix bug #151: corretly parse username inside ticket
+ * fix bug #151: correctly parse username inside ticket
* fix bug #152: allow user to change his own password
libpve-access-control (1.0-3) unstable; urgency=low
* add support for delayed parameter parsing - We need that to disable
- file upload for normal API request (avoid DOS attacs)
+ file upload for normal API request (avoid DOS attacks)
-- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
my $subject = Net::SSLeay::X509_NAME_oneline($nameobj);
Net::SSLeay::X509_free($x509);
- # remote-viewer wants comma as seperator (not '/')
+ # remote-viewer wants comma as separator (not '/')
$subject =~ s!^/!!;
$subject =~ s!/(\w+=)!,$1!g;
# called during addition of realm (before the new domain config got written)
# `password` is moved to %param to avoid writing it out to the config
-# die to abort additon if there are (grave) problems
+# die to abort addition if there are (grave) problems
# NOTE: runs in a domain config *locked* context
sub on_add_hook {
my ($class, $realm, $config, %param) = @_;
}
}
-# hacks: to provide better backwards compatibiliy
+# hacks: to provide better backwards compatibility
# old code uses PVE::RPCEnvironment::get();
# new code should use PVE::RPCEnvironment->get();
projects / pve-access-control.git / commitdiff