On 14/09/2022 at 15:42, Dominik Csapak wrote:
> The downside is that we cannot authenticate users anymore without quorum
> (since locking requires write access to pmxcfs), even for users without
> tfa configured (and also for clusters without any tfa configured at all)

Question is more if we should disallow login on unquorate clusters for all but root@pam, as for all others you cannot be sure if they still got the permissions and for the pve realm the credentials are still correct, or if the non-existing TFA entry is still up-to-date (the quorate partition could have TFA configured for that user since cluster split).

root@pam is a hard-coded super admin and verified via PAM, which normally should be pmxcfs, and thus quorum, independent, at least if nobody was crazy enough to link /etc/shadow to a file in pmxcfs or wrote a PAM that works on pmxcfs info in other ways.