I've created a package to enable direct passkey logins (not 2FA -- direct logins through the web UI). This package does not make any changes to system files (though it does wrap pvedaemon and pveproxy to add the necessary endpoints). This is an initial release, so there has been zero real-world usage to identify any bugs yet -- I can't even be sure that it will install and/or function properly on someone else's proxmox installation (but please open an issue on GitHub if you experience a problem).
https://github.com/chall37/pve-webauthn-login
NOTE: I've only tested/released against 8.4.14 and 9.1.2. Going forward, I have no plans to maintain support for older versions of PVE, so development will only ever focus on the current release.
IMPORTANT: Do not trust any code implicitly, including this, and do not use this on production servers! It's my understanding that passkey logins are a low-pri feature request that's in the works, so please wait/pay/beg for the feature if you want passkey logins on production servers.
The package is open-source and the code is fully available for a security review, but anything could happen -- a malicious actor could potentially gain access to my github account and push malicious code without my knowledge. I make every effort to keep my account secure, but I'm just an individual.
Apologies if this is not the appropriate venue to share this, but I thought it might be of interest to others.
https://github.com/chall37/pve-webauthn-login
NOTE: I've only tested/released against 8.4.14 and 9.1.2. Going forward, I have no plans to maintain support for older versions of PVE, so development will only ever focus on the current release.
IMPORTANT: Do not trust any code implicitly, including this, and do not use this on production servers! It's my understanding that passkey logins are a low-pri feature request that's in the works, so please wait/pay/beg for the feature if you want passkey logins on production servers.
The package is open-source and the code is fully available for a security review, but anything could happen -- a malicious actor could potentially gain access to my github account and push malicious code without my knowledge. I make every effort to keep my account secure, but I'm just an individual.
Apologies if this is not the appropriate venue to share this, but I thought it might be of interest to others.