HTTPBasicAUth property behavior clarification

vincent0607
Minnow

Posts: 24

HTTPBasicAUth property behavior clarification May 29, 2024 5:50:16 GMT

Quote

Post by vincent0607 on May 29, 2024 5:50:16 GMT

from redfish spec 1.19.1, following change log statement for new feature as below

Updated the HTTP Basic authentication clause to explain that the HTTPBasicAuth property

in the AccountService resource can disable or restrict this functionality.

If HTTPBasicAUth as false, does host OS still be able to use bootstrap account with basic auth method to access Redfish ?
(related bootstrap account creation refer to method for DMTF Host Interface 1.3.0 specification)

Thanks

mraineri Administrator Posts: 1,116	HTTPBasicAUth property behavior clarification May 29, 2024 12:39:36 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by mraineri on May 29, 2024 12:39:36 GMT No, HTTP Basic auth is disabled. They would need to use Redfish sessions at that point.

vincent0607 Minnow Posts: 24	HTTPBasicAUth property behavior clarification May 30, 2024 2:24:37 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by vincent0607 on May 30, 2024 2:24:37 GMT thanks! Do you recommend that this HTTPBasicAUth property should is stored in volatile or nonvolatile ?

mraineri
Administrator

Posts: 1,116

HTTPBasicAUth property behavior clarification May 30, 2024 12:56:43 GMT

Quote

Post by mraineri on May 30, 2024 12:56:43 GMT

I would expect this to be non-volatile, otherwise the user would be forced to reconfigure the setting on each reboot of the BMC. It's like other policy-related properties; users tend to set those during initial deployment of a system and expect them to remain at those settings for the life of the system.

HTTPBasicAUth property behavior clarification

Post by vincent0607 on May 29, 2024 5:50:16 GMT

Post by mraineri on May 29, 2024 12:39:36 GMT

Post by vincent0607 on May 30, 2024 2:24:37 GMT

Post by mraineri on May 30, 2024 12:56:43 GMT