Hello,
I have been going deep into proxmox’s custom user management (https://pve.proxmox.com/wiki/User_Management), along with an openID connect realms. And I have a few questions:
1. Proxmox’s wiki on user management says “Proxmox VE stores user attributes in /etc/pve/domains.cfg”, this file doesn’t exist (at least in a cluster environment). My first question is can I disable PAM and/or PVE realms? To enforce login through my openID connect realm.
2. I noticed the “Administrator role” (within PVE realms) cannot do everything root (within PAM realm) can do (Ceph things: erasing disks, .., cluster creation, ..) is their anyway to get a full root privileges from a none-PAM user? I have auditing requirements which get really picky about any admin tasks that need to done in root.
Thanks!
I have been going deep into proxmox’s custom user management (https://pve.proxmox.com/wiki/User_Management), along with an openID connect realms. And I have a few questions:
1. Proxmox’s wiki on user management says “Proxmox VE stores user attributes in /etc/pve/domains.cfg”, this file doesn’t exist (at least in a cluster environment). My first question is can I disable PAM and/or PVE realms? To enforce login through my openID connect realm.
2. I noticed the “Administrator role” (within PVE realms) cannot do everything root (within PAM realm) can do (Ceph things: erasing disks, .., cluster creation, ..) is their anyway to get a full root privileges from a none-PAM user? I have auditing requirements which get really picky about any admin tasks that need to done in root.
Thanks!
Last edited:
