[pam]: Restrict local user auth to redfish grp
Restrict bmcweb local user authentication to redfish group only.
This change makes sure that a user who does not have the redfish group
is not authenticated to query the details, and login will fail.
Tested:
1. Verified by removing the redfish group role for a valid user
and confirmed redfish session establishment fails using postman.
2. This will not change the behavior for ldap user.
Change-Id: I5e1b495028c8d143381bcc91cafd756a12ffb1d9
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/pam-webserver b/pam-webserver
index 473b922..a5e7af4 100644
--- a/pam-webserver
+++ b/pam-webserver
@@ -1,5 +1,8 @@
#%PAM-1.0
auth include common-auth
+# skip redfish group check for non-local user (ldap)
+auth [success=ok perm_denied=1 default=ignore] pam_localuser.so
+auth required pam_succeed_if.so user ingroup redfish
account include common-account
password include common-password
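Review bot: The `perm_denied=1` jump on the pam_localuser.so line is positional and undocumented as such: it skips the redfish check only while the pam_succeed_if.so line sits directly beneath it. A later edit that inserts another auth module between the two lines would silently change which module is skipped for non-local users. Extend the comment to say that the two lines must stay adjacent and that the jump count has to be updated if anything is added between them. The comment should also state that the skip applies to every account pam_localuser.so does not find in the local passwd file, not only LDAP, because those users reach Redfish with whatever common-auth decided and no group restriction from this file. `default=ignore` is a reasonable choice here and worth a word in the comment as well: any pam_localuser.so result other than success or perm_denied falls through to the group check rather than around it, so an error in that module fails closed.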