ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2024-12-29 19:50:50 +08:00
Code Issues Projects Releases Packages Wiki Activity

regenerated doc

Browse source
This commit is contained in:
madx 2021-09-07 15:46:16 +02:00 committed by Stéphane Lesimple
parent ea8ed97a34
commit 4d3ee1b99d
2 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/sphinx/plugins/restricted/accountInfo.rst
View file

@ -59,6 +59,8 @@ Output example
~ - Additional TOTP authentication is not required for this account
~ - Additional TOTP authentication bypass is disabled for this account
~ - Additional TOTP authentication is disabled
~ - PAM authentication bypass is disabled
~ - Alternative authentication logic (allow both pubkey alone and PAM alone) is disabled
~ - MFA policy on personal accesses (using personal keys) on egress side is: password
~ Account PAM UNIX password information (used for password MFA):

7
doc/sphinx/plugins/restricted/accountModify.rst
View file

@ -69,3 +69,10 @@ Modify an account configuration
If enabled, this account can only use ``--osh`` commands, and can't connect anywhere through the bastion
.. option:: --mfa-any yes|no
Control the ingress login requirements for pubkey and pam (when a password and/or TOTP is set).
When disabled, the user needs pubkey AND pam, this is the default.
When enabled, the user can authenticate with either pubkey OR pam.
If the account has no password/TOTP, this option has no effect, i.e: pubkey is used. Egress is not affected.