hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-1662 Add PAM authentication option for admin users

Browse Source 
If normal authentication fails and a PAM service is defined, PAM authentication
is attempted. Separate services can be set for read-only users and admin-level
users.
This commit is contained in:
Esa Korhonen
2019-04-04 15:05:53 +03:00
parent 893059c537
commit 969ef5f9f7
7 changed files with 130 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
include/maxscale/adminusers.h.in
View File

@ -101,6 +101,19 @@ json_t* admin_all_users_to_json(const char* host, enum user_type type);
*/
json_t* admin_user_to_json(const char* host, const char* user, enum user_type type);
/**
* Check if user credentials are accepted by any of the configured REST API PAM services. By default, both
* the read-only and read-write services are attempted.
*
* @param username Username
* @param password Password
* @param min_acc_type Minimum account type required. If BASIC, authentication succeeds if
* either read-only or readwrite service succeeds. If ADMIN, only the readwrite service is attempted.
* @return True if user & password logged in successfully
*/
bool admin_user_is_pam_account(const std::string& username, const std::string& password,
user_account_type min_acc_type = USER_ACCOUNT_BASIC);
void dcb_PrintAdminUsers(DCB *dcb);
MXS_END_DECLS