commit | cd17b26c893ba9dd1dcb0d56d725f2892c57e125 | [log] [tgz] |
---|---|---|
author | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | Tue Jan 28 15:07:35 2020 +0530 |
committer | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | Fri Feb 07 09:58:13 2020 +0000 |
tree | cb2195bc46f08493b6e4c30b3edcece0f7b3add4 | |
parent | 3f8a743a5179eb618518ff04b98202a997342bb0 [diff] |
[pam]: Restrict user authentication to redfish grp Restrict bmcweb authentication to redfish group only. This change makes sure that user without having redfish group user is not authenticated to query the details, and login will fail. Tested: 1.Verified by removing the redfish group role for a valid user and confirmed redfish session establishment fails using postman. Change-Id: Ie0c1c94a7ac4d218a502faba1d80c7b9fc2a7ca0 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/CMakeLists.txt
and then compiling. For example, cmake -DBMCWEB_ENABLE_KVM=NO ...
followed by make
. The option names become C++ preprocessor symbols that control which code is compiled into the program.
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the prime256v1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.