From dba95c263254124a041586b3fd98a8bbbc0dbf6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20tom=20W=C3=B6rden?= <henrik@trineo.org>
Date: Fri, 15 Jan 2021 15:23:23 +0100
Subject: [PATCH] DOC: document user management

---
 README_SETUP.md                        |  2 ++
 conf/core/usersources.ini.template     | 11 ++++++++---
 src/doc/administration/maintenance.rst |  8 ++++++++
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/README_SETUP.md b/README_SETUP.md
index 5cbd85ab..f47f5a08 100644
--- a/README_SETUP.md
+++ b/README_SETUP.md
@@ -119,6 +119,8 @@ server:
     * Maybe set another `SESSION_TIMEOUT_MS`.
     * See also [README_CONFIGURATION.md](README_CONFIGURATION.md)
 6. Copy `conf/core/usersources.ini.template` to `conf/ext/usersources.ini`.
+    * You can skip this if you do not want to use an external authentication. 
+	  Local users (CaosDB realm) are always available.
     * Define the users/groups who you want to include/exclude.
     * Assign at least one user the `administration` role.
       * For example, if the admin user is called `caosdb`, there should be the
diff --git a/conf/core/usersources.ini.template b/conf/core/usersources.ini.template
index 9053093e..2e0fe249 100644
--- a/conf/core/usersources.ini.template
+++ b/conf/core/usersources.ini.template
@@ -22,14 +22,19 @@
 # ** end header
 #
 
-# `realms` is a comma and/or space separated list of realms which users can use for authentication
+# This file configures external authentication providers. The CaosDB realm is
+# always available (without being defined here).
+
+# `realms` is a comma and/or space separated list of realms which users can 
+# use for authentication
+# Currently available: PAM
 realms = PAM
 
 # This is the default realm, to be used when no other realms is specified
 defaultRealm = PAM
 
-# Each realm has one section with specific options.  The options for a specific realm can be looked
-# up in that realm's documentation.
+# Each realm has one section with specific options.  The options for a specific 
+# realm can be looked up in that realm's documentation.
 #
 # Hint: Realms are implemented by classes which are typically in the
 # org.caosdb.server.accessControl.Pam package and implement the UserSource interface.
diff --git a/src/doc/administration/maintenance.rst b/src/doc/administration/maintenance.rst
index 8a339761..67d8475b 100644
--- a/src/doc/administration/maintenance.rst
+++ b/src/doc/administration/maintenance.rst
@@ -57,3 +57,11 @@ If you want to restore the entities exported to XML, you can do::
          cont = cont.from_xml(fi.read())                                                                                                                  
      cont.insert()
                                             
+User Management
+---------------
+The configuration of authentication mechanisms is done via the 
+``usersources.ini`` file (see :any:`configuration`).
+
+We recommend the Python tools (:any:`caosdb-pylib:Administration`) for further administrative tasks (e.g. setting
+user passwords).
+
-- 
GitLab