ninadpalsule
commented
1 year ago @gtmills @ratagupt @rthomaiy Any plans to separate ssh into userGroup HostConsole and ManagerConsole? I am interested in getting the acountType PATCH support (https://gerrit.openbmc.org/c/openbmc/bmcweb/+/50965) and this is a requite for PATCH. This is where the accountType split is discussed : https://gerrit.openbmc.org/c/openbmc/bmcweb/+/50835. I think it is easiest to add new group named hostConsole and keep managerConsole mapped to ssh.
joseph-reynolds
gtmills
Redfish has both ManagerConsole and HostConsole. OpenBMC only has 1 group for these "ssh" In https://gerrit.openbmc.org/c/openbmc/bmcweb/+/50835/ ssh was mapped to both ManagerConsole and HostConsole.
It makes sense these are different "can log into the BMC console" is different than "can log into the host console" and users could have one and not the other.
We should solve this before https://gerrit.openbmc.org/c/openbmc/bmcweb/+/50965 goes in because switching would change behavior in a breaking way.
In IPMI, these are a difference between operator and admin roles.
https://github.com/openbmc/docs/blob/master/architecture/user-management.md#supported-group-roles https://github.com/openbmc/phosphor-user-manager/blob/f1b69fa62c5ceafeec1f084bfbf78402124833bb/user_mgr.hpp#L201