Proxmox User Management Questions

hand363

New Member
Jan 1, 2023
12
1
3
Hello,

I have been going deep into proxmox’s custom user management (https://pve.proxmox.com/wiki/User_Management), along with an openID connect realms. And I have a few questions:

1. Proxmox’s wiki on user management says “Proxmox VE stores user attributes in /etc/pve/domains.cfg”, this file doesn’t exist (at least in a cluster environment). My first question is can I disable PAM and/or PVE realms? To enforce login through my openID connect realm.

2. I noticed the “Administrator role” (within PVE realms) cannot do everything root (within PAM realm) can do (Ceph things: erasing disks, .., cluster creation, ..) is their anyway to get a full root privileges from a none-PAM user? I have auditing requirements which get really picky about any admin tasks that need to done in root.

Thanks!
 
Last edited:
For certain actions you will have to use the root@pam user.

the `user.cfg` file will be created once needed.

If you define a Realm as "Default" it should be the default one in the login window.
 
For certain actions you will have to use the root@pam user.

the `user.cfg` file will be created once needed.

If you define a Realm as "Default" it should be the default one in the login window.
Hey Aaron,

Thanks for the reply! Thanks for confirming my suspionion about some actions requiring root@pam.

As for my second question, I want to remove the ability to login through PAM/PVE realms, not make openID the default. Is there anyway to do this?
 
I want to remove the ability to login through PAM/PVE realms, not make openID the default. Is there anyway to do this?
I am not aware of any way to disable them in the web UI. By making the OIDC one the default, it will at least be the one selected by default.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!