diff --git a/CHANGELOG.md b/CHANGELOG.md
index d76f8c80..7e04752e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -58,9 +58,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
reservations page (#336).
- Hide users disclosure from jobs filters panel when authentication is
disabled (#330).
-- docs: Mention requirement of `SLURMRESTD_SECURITY=disable_user_check`
- environment variable definition in `slurmrestd` service drop-in configuration
- override (#320).
+- docs:
+ - Mention requirement of `SLURMRESTD_SECURITY=disable_user_check` environment
+ variable in `slurmrestd` service drop-in configuration override (#320).
+ - Fix protocols section in architecture page to mention Slurm internal
+ authentication mechanism (with `sackd`) and clarify that `munge` is not
+ involved between Slurm-web agent and `slurmrestd`.
## [3.1.0] - 2024-07-03
diff --git a/docs/modules/overview/images/arch/slurm-web_protocols.png b/docs/modules/overview/images/arch/slurm-web_protocols.png
index 0ef8e7e4..63cc77a1 100644
Binary files a/docs/modules/overview/images/arch/slurm-web_protocols.png and b/docs/modules/overview/images/arch/slurm-web_protocols.png differ
diff --git a/docs/modules/overview/images/arch/slurm-web_protocols.svg b/docs/modules/overview/images/arch/slurm-web_protocols.svg
index 32624fb5..e8f8d1af 100644
--- a/docs/modules/overview/images/arch/slurm-web_protocols.svg
+++ b/docs/modules/overview/images/arch/slurm-web_protocols.svg
@@ -29,10 +29,10 @@
fit-margin-right="0"
fit-margin-bottom="0"
inkscape:zoom="1.5554293"
- inkscape:cx="426.89179"
- inkscape:cy="144.33314"
- inkscape:window-width="1920"
- inkscape:window-height="1136"
+ inkscape:cx="843.17558"
+ inkscape:cy="137.90405"
+ inkscape:window-width="3840"
+ inkscape:window-height="2096"
inkscape:window-x="0"
inkscape:window-y="0"
inkscape:window-maximized="1"
@@ -168,6 +168,13 @@
y="22.489582"
rx="2.6105554"
ry="2.7781224" />
+
JWT
Munge
+ style="font-size:3.52778px;fill:#775b25;fill-opacity:1;stroke-width:0.264583"
+ x="116.51379"
+ y="67.094521">auth/{munge,slurm}
+ rest_auth/local
diff --git a/docs/modules/overview/pages/architecture.adoc b/docs/modules/overview/pages/architecture.adoc
index 59a8ef87..b093f4cd 100644
--- a/docs/modules/overview/pages/architecture.adoc
+++ b/docs/modules/overview/pages/architecture.adoc
@@ -67,16 +67,18 @@ initial authentication with LDAP directory, users are authenticated between
these components with https://jwt.io/[JSON Web Token] (JWT).
Communications between *agent* component and Slurm `slurmrestd` daemon are
-performed with HTTP protocol over a Unix socket.
+performed with HTTP protocol over a Unix socket. For security reasons
+`slurmrestd` checks the *agent* runs with the same UID/GID as itself with its
+`rest_auth/local` plugin.
-NOTE: Slurm `slurmrestd` supports incoming connections on TCP/IP sockets but
-this configuration is not yet supported by Slurm-web. This is currently a
-limitation in Slurm-web that might change in the future (see
+NOTE: Slurm `slurmrestd` supports incoming connections on TCP/IP sockets with
+`rest_auth/jwt` plugin but this configuration is not yet supported by Slurm-web.
+This is currently a limitation in Slurm-web that might change in the future (see
https://github.com/rackslab/Slurm-web/issues/313[#313]).
Slurm components communicates with specific binary RPC protocol over TCP/IP
-sockets. Communications between the *agent* and Slurm components are secured
-and user are authenticated with https://dun.github.io/munge/[Munge].
+sockets, secured by either https://dun.github.io/munge/[Munge] or
+https://slurm.schedmd.com/authentication.html#slurm[Slurm internal mechanism].
[#multiclusters]
== Multi-clusters Distribution