Re: [OpenWrt-Devel] How to add ubus users?
Hi Christoph, there is no PAM support yet but the appropriate place to add it would be rpc_login_test_login() of rpcd's session.c [1] I wouldn't mind adding PAM support if it is possible to make it optional at runtime. Haven't yet investigated whether it is feasible to dlopen() libpam if installed and otherwise fallback to plain shadow auth. 1: http://nbd.name/gitweb.cgi?p=luci2/rpcd.git;a=blob;f=session.c#l829 ~ Jow ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] How to add ubus users?
Hi Jow, thank you for that information. > If the password option is specified like "$p$" then the password hash > for is validated against /etc/shadow. > > If the password option is specified like "$1$" then the client supplied > login password is hashed through crypt() and compared against the hash in > the config. You can generate such a hash with "mkpasswd -5 password" or > "uhttpd -m password". Are there also other options available? We have a bit strange offline two-factor authentication in use and have a pam plugin for this. Is there a way to authenticate against pam? If not, can you point me to the source code location, which is a good starting point to add such functionality? Best regards, Christoph -- ThyssenKrupp Elevator Innovation GmbH PDC Neuhausen TKEI Elevator Control Bernhaeuser Straße 45 73765 Neuhausen, Germany Phone +49 7158 12-2615 christoph.ruedi...@thyssenkrupp.com Company domicile: Essen Commercial register: Essen HRB 20 839 Postal address: ThyssenKrupp Allee 1, 45143 Essen, Germany Executive Board: Gerhard Thumm, Katrin Huenger, Philippe Choleau ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] How to add ubus users?
Hi Rudiger, I would add another question on your question ... I'd like to have some kind of JSON-RPC with no user authentication. So, how can I remove user authentication at all? Thanks in advance ... 2015-09-25 9:20 GMT-03:00 Rüdiger, Christoph < christoph.ruedi...@thyssenkrupp.com>: > Hi! > > I've seen that there is an ACL concept for the ubus available [1], which > fits very nice to my plan making our system services available as ubus > calls instead of maintaining a REST API structure in parallel. However, I > was not able to figure out how to add additional users to the ubus. There > is a login method available where you typically login with the root user > and its password. This can be changed in /etc/config/rpcd, which is working > fine. But there is only one user available. > > So my question is, where do I define the additional users and map them to > my groups in the ACL files? > > Best regards, > Christoph > > [1] http://wiki.openwrt.org/doc/techref/ubus#acls > > -- > ThyssenKrupp Elevator Innovation GmbH > PDC Neuhausen > TKEI Elevator Control > Bernhaeuser Straße 45 > 73765 Neuhausen, Germany > > Phone +49 7158 12-2615 > christoph.ruedi...@thyssenkrupp.com > > Company domicile: Essen Commercial register: Essen HRB 20 839 > Postal address: ThyssenKrupp Allee 1, 45143 Essen, Germany > Executive Board: Gerhard Thumm, Katrin Huenger, Philippe Choleau > > > ___ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel > -- Ronaldo Afonso 11 9 5252 0484 www.ronaldoafonso.com.br ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] How to add ubus users?
Hi Ronaldo, if you refer to the JSON-RPC/UBUS bridge in uhttpd then you can specify "option no_ubusauth 1" in /etc/config/uhttpd, this will bypass any permission checks. Keep in mind that this gives full access to anything exposed by ubus to any HTTP client! ~ Jow signature.asc Description: OpenPGP digital signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel