summaryrefslogtreecommitdiff
path: root/pam-webserver
AgeCommit message (Collapse)AuthorFilesLines
2020-06-08[pam]: Restrict local user auth to redfish grpRichard Marian Thomaiyar1-0/+3
Restrict bmcweb local user authentication to redfish group only. This change makes sure that user without having redfish group user is not authenticated to query the details, and login will fail. Tested: 1. Verified by removing the redfish group role for a valid user and confirmed redfish session establishment fails using postman. 2. This will not change the behavior for ldap user. Change-Id: I5e1b495028c8d143381bcc91cafd756a12ffb1d9 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
2020-05-28Revert "[pam]: Restrict user authentication to redfish grp"Ratan Gupta1-1/+0
This reverts commit cd17b26c893ba9dd1dcb0d56d725f2892c57e125. Due to the commit LDAP stops working. More info: https://lists.ozlabs.org/pipermail/openbmc/2020-May/021702.html Hence it was decided to revert the commit(cd17b26c893ba9dd1dcb0d56d725f2892c57e125). https://lists.ozlabs.org/pipermail/openbmc/2020-May/021704.html Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com> Change-Id: Ib9f98214057c3e04ea2667462c2b5210e1bcdf68
2020-02-07[pam]: Restrict user authentication to redfish grpRichard Marian Thomaiyar1-0/+1
Restrict bmcweb authentication to redfish group only. This change makes sure that user without having redfish group user is not authenticated to query the details, and login will fail. Tested: 1.Verified by removing the redfish group role for a valid user and confirmed redfish session establishment fails using postman. Change-Id: Ie0c1c94a7ac4d218a502faba1d80c7b9fc2a7ca0 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
2019-12-12Change PAM service_name for password changesJoseph Reynolds1-0/+1
BMCWeb was using the "passwd" command PAM configuration settings when changing the password. This changes it to use PAM service_name="webserver", the same name it already uses for PAM authentication and account management functions. Doing so allows the BMC system administrator to provide separate PAM config files for the "passwd" command and BMCWeb's password changing function, and for these activities to be correctly identified in the system logs. Here is a sample incorrect log message (truncated & wrapped): bmcweb[353]: pam_warn(passwd:chauthtok): function=[pam_sm_chauthtok] flags=0xc000 service=[passwd] terminal=[<unknown>] user=[testuser] ruser=[<unknown>] rhost=[<unknown>] The "service" should be "webserver". Tested: yes, password change successful Change-Id: I593f42c8f0494df967fb498fb4dd66fa4168596b Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
2018-06-29Create separate pam config for webserver instead of using dropbear'sJennifer Lee1-0/+4
Signed-off-by: Jennifer Lee <jennifer1.lee@intel.com> Change-Id: I18850e82e116683b1c56e3a0eb23511b09aeed51
generated by cgit v1.2.3 (git 2.39.0) at 2024-07-10 04:30:28 +0300