X-Git-Url: https://git.proxmox.com/?p=pve-docs.git;a=blobdiff_plain;f=pveum.adoc;h=77f7aecbbc3e7e78dc4f34b5860417b62c6d9eef;hp=1447d3832b04b23459f2ea0a7a68665a0b837139;hb=dd1aa0e01624f5927fb65143c9a070672ccbeb92;hpb=2837cf1d93d0ca99e18edfd72ada0b966f5268a8 diff --git a/pveum.adoc b/pveum.adoc index 1447d38..77f7aec 100644 --- a/pveum.adoc +++ b/pveum.adoc @@ -147,6 +147,7 @@ ldap an optional fallback server, optional port, and SSL encryption can be configured. +[[pveum_tfa_auth]] Two factor authentication ------------------------- @@ -199,12 +200,15 @@ https://www.yubico.com/products/services-software/yubicloud/[YubiCloud] or https://developers.yubico.com/Software_Projects/YubiKey_OTP/YubiCloud_Validation_Servers/[ host your own verification server]. +[[pveum_user_configured_totp]] User configured TOTP authentication ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A user can choose to use 'TOTP' as a second factor on login via the 'TFA' button in the user list, unless the realm enforces 'YubiKey OTP'. +[thumbnail="screenshot/gui-datacenter-users-tfa.png"] + After opening the 'TFA' window, the user is presented with a dialog to setup 'TOTP' authentication. The 'Secret' field contains the key, which can simply be generated randomly via the 'Randomize' button. An optional 'Issuer Name' can be @@ -254,6 +258,7 @@ situation where this does not happen, particularly when using a top level domain recommended to test the configuration with multiple browsers, as changing the 'AppId' later will render existing 'U2F' registrations unusable. +[[pveum_user_configured_u2f]] Activating U2F as a user ~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -305,9 +310,15 @@ of predefined roles which satisfies most needs. You can see the whole set of predefined roles on the GUI. -Adding new roles can be done via both GUI and the command line, like -this: +Adding new roles can be done via both GUI and the command line. +[thumbnail="screenshot/gui-datacenter-role-add.png"] +For the GUI just navigate to 'Permissions -> User' Tab from 'Datacenter' and +click on the 'Create' button, there you can set a name and select all desired +roles from the 'Privileges' dropdown box. + +To add a role through the command line you can use the 'pveum' CLI tool, like +this: [source,bash] ---- pveum roleadd PVE_Power-only -privs "VM.PowerMgmt VM.Console"
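Review bot: The GUI instructions added in the last hunk (@@ -305,9 +310,15) send the reader to the 'Permissions -> User' tab, but the paragraph is about adding roles and the screenshot is named gui-datacenter-role-add.png, so the path most likely should point at the roles tab; please verify against the GUI. In the same sentence, "select all desired roles from the 'Privileges' dropdown box" should say "privileges", since the role is the thing being created. The comma splice before "there you can set a name" would read better as two sentences. The [thumbnail=...] line also sits directly between "command line." and "For the GUI" with no empty line, unlike the thumbnail in the TOTP hunk, which is followed by one; consider setting it off the same way.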