Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve documentation for PAM and static deployment #21866

Merged
merged 7 commits into from
Nov 20, 2022
Merged

Improve documentation for PAM and static deployment #21866

merged 7 commits into from
Nov 20, 2022

Conversation

KB3HNS
Copy link
Contributor

@KB3HNS KB3HNS commented Nov 19, 2022
edited
Loading

Changes proposed in referenced issue 21845

  • Expand PAM configuration description with working examples.
  • Clarify STATIC_URL_PREFIX use (include "assets" and only works after database has been initialized)
  • Add note for HTTPS proxy support VIA Apache.

@KB3HNS
Documentation changes:
5937825 
Changes proposed in
[referenced issue 21845](go-gitea#21845)
@techknowlogick techknowlogick added the type/docs This PR mainly updates/creates documentation label Nov 19, 2022
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 19, 2022
KB3HNS and others added 3 commits November 19, 2022 08:54
@KB3HNS
Merge pull request #1 from go-gitea/main
0974243 
Rebase to upstream latest.
@KB3HNS
Rebase to latest.
221435b
@KB3HNS
Addressing some PR feedback:
0b2f6f8 
- `lbmethod_byrequests` is actually not required for HTTPS.
- `STATIC_URL_PREFIX` _should_ work on an uninitialized system (it doesn't on mine though.
- Added several documentation improvements recommended by the project owners.
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 19, 2022
@zeripath zeripath changed the title Documentation changes for #21845 Improve documentation for PAM and static deployment Nov 20, 2022
zeripath
zeripath reviewed Nov 20, 2022
View reviewed changes
docs/content/doc/features/authentication.en-us.md Outdated
Comment on lines 176 to 179
**Note**: Once a user has been authenticated use of items such as SSH public
keys _may_ bypass the login check system. Therefore, if disabling a user, it
is recommended to manually disable the account in Gitea using the built-in user
manager as well.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
**Note**: Once a user has been authenticated use of items such as SSH public
keys _may_ bypass the login check system. Therefore, if disabling a user, it
is recommended to manually disable the account in Gitea using the built-in user
manager as well.
**Note**: If a user has added SSH public keys into Gitea, the use of these
keys _may_ bypass the login check system. Therefore, if you wish to disable a user who
authenticates with PAM, you _should_ also manually disable the account in Gitea using the
built-in user manager.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't want to state this because I really don't know and would just be assuming (and you know where that gets people), but I'm guessing that this is also the reason that the application needs read access to the user file /etc/shadow.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no check performed against PAM when a user logs in with ssh - so if it is intended for them to be disabled admins will need to do this disabling manually.

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 20, 2022
@zeripath zeripath merged commit 43aafc5 into go-gitea:main Nov 20, 2022
zjjhot added a commit to zjjhot/gitea that referenced this pull request Nov 21, 2022
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
f89ed53 
* giteaofficial/main:
  Improve documentation for PAM and static deployment (go-gitea#21866)
  Add package registry cleanup rules (go-gitea#21658)
  Support comma-delimited string as labels in issue template (go-gitea#21831)
  Fix wechatwork webhook sends empty content in PR review (go-gitea#21762)
  Show syntax lexer name in file view/blame (go-gitea#21814)
  Add `context.Context` to more methods (go-gitea#21546)
  Timeline and color tweaks (go-gitea#21799)
  Fix webpack license warning (go-gitea#21815)
  chore: add webpack export type check (go-gitea#21857)
  Prevent dangling user redirects (go-gitea#21856)
  Fix "build from source" document to clarify the `bindata` tag is required. (go-gitea#21853)
  Bump loader-utils from 2.0.3 to 2.0.4 (go-gitea#21852)
  Do not allow Ghost access to limited visible user/org (go-gitea#21849)
  Fix setting HTTP headers after write (go-gitea#21833)
@KB3HNS KB3HNS deleted the kb3hns/21845 branch November 21, 2022 16:29
fsologureng pushed a commit to fsologureng/gitea that referenced this pull request Nov 22, 2022
@KB3HNS @fsologureng
Improve documentation for PAM and static deployment (go-gitea#21866)
cd47fb4 
## Changes proposed in [referenced issue 21845][1]

- Expand PAM configuration description with working examples.
- Clarify `STATIC_URL_PREFIX` use (include "assets" and only works after
database has been initialized)
- Add note for HTTPS proxy support VIA Apache.

[1]: go-gitea#21845
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@zeripath zeripath zeripath approved these changes

@wxiaoguang wxiaoguang wxiaoguang approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/docs This PR mainly updates/creates documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@KB3HNS @zeripath @wxiaoguang @techknowlogick @GiteaBot