Age | Commit message (Collapse) | Author | Files | Lines |
|
Restrict bmcweb local user authentication to redfish group only.
This change makes sure that user without having redfish group user
is not authenticated to query the details, and login will fail.
Tested:
1. Verified by removing the redfish group role for a valid user
and confirmed redfish session establishment fails using postman.
2. This will not change the behavior for ldap user.
Change-Id: I5e1b495028c8d143381bcc91cafd756a12ffb1d9
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
|
This reverts commit cd17b26c893ba9dd1dcb0d56d725f2892c57e125.
Due to the commit LDAP stops working.
More info: https://lists.ozlabs.org/pipermail/openbmc/2020-May/021702.html
Hence it was decided to revert the commit(cd17b26c893ba9dd1dcb0d56d725f2892c57e125).
https://lists.ozlabs.org/pipermail/openbmc/2020-May/021704.html
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: Ib9f98214057c3e04ea2667462c2b5210e1bcdf68
|
|
Restrict bmcweb authentication to redfish group only. This
change makes sure that user without having redfish group user
is not authenticated to query the details, and login will fail.
Tested:
1.Verified by removing the redfish group role for a valid user
and confirmed redfish session establishment fails using postman.
Change-Id: Ie0c1c94a7ac4d218a502faba1d80c7b9fc2a7ca0
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
|
BMCWeb was using the "passwd" command PAM configuration settings when changing
the password. This changes it to use PAM service_name="webserver", the same
name it already uses for PAM authentication and account management functions.
Doing so allows the BMC system administrator to provide separate PAM config
files for the "passwd" command and BMCWeb's password changing function, and
for these activities to be correctly identified in the system logs.
Here is a sample incorrect log message (truncated & wrapped):
bmcweb[353]: pam_warn(passwd:chauthtok): function=[pam_sm_chauthtok]
flags=0xc000 service=[passwd] terminal=[<unknown>] user=[testuser]
ruser=[<unknown>] rhost=[<unknown>]
The "service" should be "webserver".
Tested: yes, password change successful
Change-Id: I593f42c8f0494df967fb498fb4dd66fa4168596b
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
|
|
Signed-off-by: Jennifer Lee <jennifer1.lee@intel.com>
Change-Id: I18850e82e116683b1c56e3a0eb23511b09aeed51
|