Authentication
RPC authentication is enforced with standard ACLs (access control lists). Each individual RPC, or a group of RPCs, can be assigned its own access right. Access rights can also be set per communication protocol: you can, for example, give an RPC a different access right when it is called through a serial interface than when it is called through MQTT.
The following are the default access rights:
RPC | Channel Type | ACL | Description |
---|---|---|---|
Totem.* | HTTP | +user,+admin | Allow |
Totem.* | MQTT | * | Allow any user to call an RPC from group Totem through MQTT. |
Totem.* | WS_in | +user,+admin | Allow |
Audio.* | HTTP | +user,+admin | Allow |
Audio.* | MQTT | * | Allow any user to call an RPC from group Audio through MQTT |
Audio.* | WS_in | +user,+admin | Allow |
* | HTTP | +admin | Allow |
* | MQTT | +admin | Allow |
* | WS_in | +admin | Allow |
* | UART | * | Allow any user to call any RPC through UART |
* | * | -* | Deny all other. |
You can create or edit ACLs as needed by editing rpc_acl.json. Here is the default ACL described in the previous table:
[
{"method": "Totem.*", "ch_type": "HTTP", "acl":"+user,+admin"},
{"method": "Totem.*", "ch_type": "MQTT", "acl":"*"},
{"method": "Totem.*", "ch_type": "WS_in", "acl":"+user,+admin"},
{"method": "Audio.*", "ch_type": "HTTP", "acl":"+user,+admin"},
{"method": "Audio.*", "ch_type": "MQTT", "acl":"*"},
{"method": "Audio.*", "ch_type": "WS_in", "acl":"+user,+admin"},
{"method": "*", "ch_type": "HTTP", "acl":"+admin"},
{"method": "*", "ch_type": "MQTT", "acl":"+admin"},
{"method": "*", "ch_type": "WS_in", "acl":"+admin"},
{"method": "*", "ch_type": "UART", "acl":"*"},
{"method": "*", "acl": "-*"}
]
User management
The section above describes access rights for 2 different users: user and admin.
You can create as many users as you want by adding a new line to the file rpc_auth.txt (see Quick Start). Here is the structure of the file:
<username>:sdnesp01:<pass htdigest>
More information about digest authentication here.
The default usernames and passwords are:
Username | Password |
---|---|
user | user |
admin | admin |
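An added example (not part of the original documentation): a small Python audit for rpc_auth.txt that builds entries in the structure shown above and flags accounts that still use the default passwords. It assumes the third field is the standard htdigest value MD5(username:realm:password); the function names and the sample file are constructed for illustration.

```python
import hashlib

REALM = "sdnesp01"  # realm from the file structure shown above
DEFAULTS = {"user": "user", "admin": "admin"}  # default credentials listed on this page
HEX = set("0123456789abcdef")


def htdigest_line(username, password, realm=REALM):
    """Build one rpc_auth.txt line; assumes digest = MD5(username:realm:password)."""
    if ":" in username or "\n" in username:
        raise ValueError("username must not contain ':' or a newline")
    digest = hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()
    return f"{username}:{realm}:{digest}"


def audit_auth_file(text, realm=REALM):
    """Return (line_no, username, problem) for each entry that needs attention."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != 3:
            findings.append((no, None, "malformed line"))
            continue
        user, file_realm, digest = parts[0], parts[1], parts[2].lower()
        if file_realm != realm:
            findings.append((no, user, "unexpected realm"))
        if len(digest) != 32 or not set(digest) <= HEX:
            findings.append((no, user, "digest is not 32 hex characters"))
            continue
        if user in DEFAULTS:
            # Recompute the digest the default password would produce and compare.
            expected = htdigest_line(user, DEFAULTS[user], file_realm).split(":")[2]
            if expected == digest:
                findings.append((no, user, "default password still set"))
    return findings


# Constructed sample: "admin" keeps its default password, "user" was changed.
SAMPLE = "\n".join([
    htdigest_line("admin", "admin"),
    htdigest_line("user", "constructed-sample-passphrase"),
    "line-without-fields",
])

if __name__ == "__main__":
    print(audit_auth_file(SAMPLE))
```

Run `audit_auth_file` over the contents of the rpc_auth.txt you are about to flash; an empty list means every entry is well-formed and neither default account keeps its default password.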