RESTCONF with authentification

[temabeloglinski]

Hi Olof! I have a question about RESTCONF with authentification. Do I understand correctly that when setting up a restconf with authentication, I use system users from the clicon group? For example: I have this config

  <restconf>
    <enable>true</enable>
    <auth-type>user</auth-type>
    <socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket>
  </restconf> 

Request Curl: admin@clixon:/$ curl -X GET http://x.x.x.x/restconf/data/ -u admin:admin { "ietf-restconf:errors" : { "error": { "error-type": "protocol", "error-tag": "access-denied", "error-severity": "error", "error-message": "The requested URL was unauthorized" } }

}

What I'm doing wrong?

[olofhagsand]

No, it is user-defined. You could implement it by such a strategy but the system has not done it for you. The example shows some hardcoded users: andy, wilma and guest. See https://clixon-docs.readthedocs.io/en/latest/restconf.html#auth-types

[temabeloglinski]

Unfortunately it didn't work

admin@clixon:/$ curl -X GET http://x.x.x.x/restconf/data/ -u andy:bar { "ietf-restconf:errors" : { "error": { "error-type": "protocol", "error-tag": "access-denied", "error-severity": "error", "error-message": "The requested URL was unauthorized" } }

} admin@clixon:/$

[olofhagsand]

Maybe the example plugin is not installed correctly, or not loaded? Its the example_restconf.so plugin. Check debug of clixon_restconf that it loads, and then when the http request comes in that it reaches the ca_auth callback.example_basic_auth(). It should have a entry in syslog if you run it as -D 1. I assume you are running native restconf.

[temabeloglinski]

Olof, thanks for the tip. The directory path for restconf plugins was specified incorrectly in my configuration file.

admin@clixon:/$ curl -G http://127.0.0.1/restconf/data -u andy:bar { "ietf-restconf:data": {} }