Skip to content

basic HTTP authentication

Related to #1120 (closed) and #1263 (closed) but addressing only the access to the control agent by local unprivileged users.

The idea is to implement the basic HTTP authentication (https://tools.ietf.org/html/rfc7617):

  • add user and optionally password (for the user:password form) in HA config
  • add user and optionally password to Kea shell
  • add user and password list and realm to CA config
  • add the capability to pass the basic credential (i.e. base64(user:password)) to HTTP client code
  • add the basic authentication support (require header and check credential from a reversed map) to HTTP listener code
  • add support from octet string to UTF-8 translation (JSON is Unicode32, we support its 8 bit subset)
  • update the Kea secure shell and the RBAC reverse proxy
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information