-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve documentation for PAM and static deployment #21866
Conversation
Changes proposed in [referenced issue 21845](go-gitea#21845)
Rebase to upstream latest.
- `lbmethod_byrequests` is actually not required for HTTPS. - `STATIC_URL_PREFIX` _should_ work on an uninitialized system (it doesn't on mine though. - Added several documentation improvements recommended by the project owners.
**Note**: Once a user has been authenticated use of items such as SSH public | ||
keys _may_ bypass the login check system. Therefore, if disabling a user, it | ||
is recommended to manually disable the account in Gitea using the built-in user | ||
manager as well. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
**Note**: Once a user has been authenticated use of items such as SSH public | |
keys _may_ bypass the login check system. Therefore, if disabling a user, it | |
is recommended to manually disable the account in Gitea using the built-in user | |
manager as well. | |
**Note**: If a user has added SSH public keys into Gitea, the use of these | |
keys _may_ bypass the login check system. Therefore, if you wish to disable a user who | |
authenticates with PAM, you _should_ also manually disable the account in Gitea using the | |
built-in user manager. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't want to state this because I really don't know and would just be assuming (and you know where that gets people), but I'm guessing that this is also the reason that the application needs read access to the user file /etc/shadow
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no check performed against PAM when a user logs in with ssh - so if it is intended for them to be disabled admins will need to do this disabling manually.
- Changed verbiage around use of SSH public keys.
* giteaofficial/main: Improve documentation for PAM and static deployment (go-gitea#21866) Add package registry cleanup rules (go-gitea#21658) Support comma-delimited string as labels in issue template (go-gitea#21831) Fix wechatwork webhook sends empty content in PR review (go-gitea#21762) Show syntax lexer name in file view/blame (go-gitea#21814) Add `context.Context` to more methods (go-gitea#21546) Timeline and color tweaks (go-gitea#21799) Fix webpack license warning (go-gitea#21815) chore: add webpack export type check (go-gitea#21857) Prevent dangling user redirects (go-gitea#21856) Fix "build from source" document to clarify the `bindata` tag is required. (go-gitea#21853) Bump loader-utils from 2.0.3 to 2.0.4 (go-gitea#21852) Do not allow Ghost access to limited visible user/org (go-gitea#21849) Fix setting HTTP headers after write (go-gitea#21833)
## Changes proposed in [referenced issue 21845][1] - Expand PAM configuration description with working examples. - Clarify `STATIC_URL_PREFIX` use (include "assets" and only works after database has been initialized) - Add note for HTTPS proxy support VIA Apache. [1]: go-gitea#21845
Changes proposed in referenced issue 21845
STATIC_URL_PREFIX
use (include "assets" and only works after database has been initialized)