|
|
When the config option ``auth_strategy`` is set to ``http_basic`` then
non-public API calls require a valid HTTP Basic authentication header
to be set. The config option ``http_basic_auth_user_file`` defaults to
``/etc/ironic/htpasswd`` and points to a file which supports the
Apache htpasswd syntax[1]. This file is read for every request, so no
service restart is required when changes are made.
The only password digest supported is bcrypt, and the ``bcrypt``
python library is used for password checks since it supports ``$2y$``
prefixed bcrypt passwords as generated by the Apache htpasswd utility.
To try HTTP basic authentication, the following can be done:
* Set ``/etc/ironic/ironic.conf`` ``DEFAULT`` ``auth_strategy`` to ``http_basic``
* Populate the htpasswd file with entries, for example:
``htpasswd -nbB myName myPassword >> /etc/ironic/htpasswd``
* Make basic authenticated HTTP requests, for example:
``curl --user myName:myPassword http://localhost:6385/v1/drivers``
[1] https://httpd.apache.org/docs/current/misc/password_encryptions.html
Change-Id: I7b89155d8bbd2f48e186c12adea9d6932cd0bfe2
Story: 2007656
Task: 39825
Depends-On: https://review.opendev.org/729070
|
