On 10.11.21 13:48, Wolfgang Bumiller wrote: > This is a follow up to the previous series doing the following: > Convert the *ancient* user keys (from user.cfg) to new TFA keys > when updating a user's tfa settings. > And support the ancient keys in the authentication code > > Currently this causes a tfa & user config to be locked together > (so the lock fns are enforcing an order to avoid deadlocks). > We could *not* do that, but it *may* end up adding the old-old keys > twice... not really something that I'd expect to happen, but whatever, > support for these is most likely going to be dropped in PVE-8 anyway, > then the code handling this can also get dropped. > > NOTE: > Since this is about backward support for old code from back when admins > needed to configure the user 2nd factors, the user facing side here is a > bit minimalistic: The old keys will not be visible in the TFA panel > until the user actually makes a change, since they come from different > sources... > > BUT, since we're now adding recovery key support, the best option here > is for users to simply add a set of those, which will automatically pull > in the old keys into the new config.
ACK, please ensure this info is conveyed clearly in our release notes. applied series, thanks! _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
