Age | Commit message (Collapse) | Author | Files | Lines |
|
Restrict bmcweb authentication to redfish group only. This
change makes sure that user without having redfish group user
is not authenticated to query the details, and login will fail.
Tested:
1.Verified by removing the redfish group role for a valid user
and confirmed redfish session establishment fails using postman.
Change-Id: Ie0c1c94a7ac4d218a502faba1d80c7b9fc2a7ca0
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
|
BMCWeb was using the "passwd" command PAM configuration settings when changing
the password. This changes it to use PAM service_name="webserver", the same
name it already uses for PAM authentication and account management functions.
Doing so allows the BMC system administrator to provide separate PAM config
files for the "passwd" command and BMCWeb's password changing function, and
for these activities to be correctly identified in the system logs.
Here is a sample incorrect log message (truncated & wrapped):
bmcweb[353]: pam_warn(passwd:chauthtok): function=[pam_sm_chauthtok]
flags=0xc000 service=[passwd] terminal=[<unknown>] user=[testuser]
ruser=[<unknown>] rhost=[<unknown>]
The "service" should be "webserver".
Tested: yes, password change successful
Change-Id: I593f42c8f0494df967fb498fb4dd66fa4168596b
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
|
|
Signed-off-by: Jennifer Lee <jennifer1.lee@intel.com>
Change-Id: I18850e82e116683b1c56e3a0eb23511b09aeed51
|