AuthN and netconf-tcp, netconf-ssh
|
Ed Warnicke (eaw) <eaw@...>
Liem,
Robert is wanting to explore using AAA for netconf-tcp and netconf-ssh for Helium. As we’ve discussed, the need here is for netconf-{tcp,ssh} to be able to present credentials to authN, and find out if they are valid credentials. Hopefully this should be simple. Could you help Robert figure out the scope of the work? Ed
|
|
|
|
Nguyen, Liem Manh <liem_m_nguyen@...>
Hi Robert,
toggle quoted messageShow quoted text
AAA comes a built-in IdM server with a set of REST API to manage users/roles/domains. You can use this API to validate credentials from your service, basically passing in username/password/domain and getting back a set of roles for that user on the given domain. You can then do further authorization if needed in your service. More details on the IdM APIs here (Sorry, we are working on getting more formal documentation than a spreadsheet): https://docs.google.com/spreadsheets/d/1YYMmK_V5LMAjLGZOEjfKSX0x4Gwb-K5Xuk1wZskwWwY/edit#gid=0 This work is not yet checked in, since we are still working on integrating it into Karaf (having issue with JAXB/JSON in Karaf)... Regards, Liem
-----Original Message-----
From: Ed Warnicke (eaw) [mailto:eaw@...] Sent: Tuesday, August 19, 2014 7:48 AM To: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Nguyen, Liem Manh Subject: AuthN and netconf-tcp, netconf-ssh Liem, Robert is wanting to explore using AAA for netconf-tcp and netconf-ssh for Helium. As we've discussed, the need here is for netconf-{tcp,ssh} to be able to present credentials to authN, and find out if they are valid credentials. Hopefully this should be simple. Could you help Robert figure out the scope of the work? Ed
|
|
|
|
Ed Warnicke (eaw) <eaw@...>
Liem,
toggle quoted messageShow quoted text
We would need a direct Java binding… do you have DOCs on how to do that? Ed
On Aug 19, 2014, at 1:51 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
Hi Robert,
|
|
|
|
Nguyen, Liem Manh <liem_m_nguyen@...>
No, we don't have any formal doc on that yet (will be Javadoc as soon as we get the IdM server integrated); but, it will be part of the OSGi IdmService. I will provide more developer info as soon as this gets integrated (hopefully) this week.
toggle quoted messageShow quoted text
Regards, Liem
-----Original Message-----
From: Ed Warnicke (eaw) [mailto:eaw@...] Sent: Tuesday, August 19, 2014 12:24 PM To: Nguyen, Liem Manh Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: Re: AuthN and netconf-tcp, netconf-ssh Liem, We would need a direct Java binding... do you have DOCs on how to do that? Ed On Aug 19, 2014, at 1:51 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote: Hi Robert,
|
|
|
|
Nguyen, Liem Manh <liem_m_nguyen@...>
Hi Robert,
While we are working on integrating the IdM server (almost there!), this is the service you can obtain from OSGi to do the authentication:
Currently, the only credential AAA supports out-of-the-box for direct authentication is username/password: PasswordCredentials.
Please let me know if you have any questions…
Regards, Liem
-----Original Message-----
From: Nguyen, Liem Manh Sent: Tuesday, August 19, 2014 12:50 PM To: 'Ed Warnicke (eaw)' Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: RE: AuthN and netconf-tcp, netconf-ssh
No, we don't have any formal doc on that yet (will be Javadoc as soon as we get the IdM server integrated); but, it will be part of the OSGi IdmService. I will provide more developer info as soon as this gets integrated (hopefully) this week.
Regards, Liem
-----Original Message----- From: Ed Warnicke (eaw) [mailto:eaw@...] Sent: Tuesday, August 19, 2014 12:24 PM To: Nguyen, Liem Manh Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: Re: AuthN and netconf-tcp, netconf-ssh
Liem, We would need a direct Java binding… do you have DOCs on how to do that?
Ed On Aug 19, 2014, at 1:51 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
> Hi Robert, > > AAA comes a built-in IdM server with a set of REST API to manage users/roles/domains. You can use this API to validate credentials from your service, basically passing in username/password/domain and getting back a set of roles for that user on the given domain. You can then do further authorization if needed in your service. > > More details on the IdM APIs here (Sorry, we are working on getting more formal documentation than a spreadsheet): > > https://docs.google.com/spreadsheets/d/1YYMmK_V5LMAjLGZOEjfKSX0x4Gwb-K5Xuk1wZskwWwY/edit#gid=0 > > This work is not yet checked in, since we are still working on integrating it into Karaf (having issue with JAXB/JSON in Karaf)... > > Regards, > Liem > > -----Original Message----- > From: Ed Warnicke (eaw) [mailto:eaw@...] > Sent: Tuesday, August 19, 2014 7:48 AM > To: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Nguyen, Liem Manh > Subject: AuthN and netconf-tcp, netconf-ssh > > Liem, > Robert is wanting to explore using AAA for netconf-tcp and netconf-ssh for Helium. > As we've discussed, the need here is for netconf-{tcp,ssh} to be able to present credentials to authN, and find out if they are valid credentials. Hopefully this should be simple. Could you help Robert figure out the scope of the work? > > Ed
|
|
|
|
Robert Varga -X (rovarga - Pantheon Technologies SRO@Cisco) <rovarga@...>
Hey Liem,
This looks like an API Maros (CC’d) will need to migrate the NETCONF bits away from AD-SAL.
Thanks, Robert
From:
Nguyen, Liem Manh [mailto:liem_m_nguyen@...]
Hi Robert,
While we are working on integrating the IdM server (almost there!), this is the service you can obtain from OSGi to do the authentication:
Currently, the only credential AAA supports out-of-the-box for direct authentication is username/password: PasswordCredentials.
Please let me know if you have any questions…
Regards, Liem
-----Original Message-----
From: Nguyen, Liem Manh Sent: Tuesday, August 19, 2014 12:50 PM To: 'Ed Warnicke (eaw)' Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: RE: AuthN and netconf-tcp, netconf-ssh
No, we don't have any formal doc on that yet (will be Javadoc as soon as we get the IdM server integrated); but, it will be part of the OSGi IdmService. I will provide more developer info as soon as this gets integrated (hopefully) this week.
Regards, Liem
-----Original Message----- From: Ed Warnicke (eaw) [mailto:eaw@...] Sent: Tuesday, August 19, 2014 12:24 PM To: Nguyen, Liem Manh Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: Re: AuthN and netconf-tcp, netconf-ssh
Liem, We would need a direct Java binding… do you have DOCs on how to do that?
Ed On Aug 19, 2014, at 1:51 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
> Hi Robert, > > AAA comes a built-in IdM server with a set of REST API to manage users/roles/domains. You can use this API to validate credentials from your service, basically passing in username/password/domain and getting back a set of roles for that user on the given domain. You can then do further authorization if needed in your service. > > More details on the IdM APIs here (Sorry, we are working on getting more formal documentation than a spreadsheet): > > https://docs.google.com/spreadsheets/d/1YYMmK_V5LMAjLGZOEjfKSX0x4Gwb-K5Xuk1wZskwWwY/edit#gid=0 > > This work is not yet checked in, since we are still working on integrating it into Karaf (having issue with JAXB/JSON in Karaf)... > > Regards, > Liem > > -----Original Message----- > From: Ed Warnicke (eaw) [mailto:eaw@...] > Sent: Tuesday, August 19, 2014 7:48 AM > To: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Nguyen, Liem Manh > Subject: AuthN and netconf-tcp, netconf-ssh > > Liem, > Robert is wanting to explore using AAA for netconf-tcp and netconf-ssh for Helium. > As we've discussed, the need here is for netconf-{tcp,ssh} to be able to present credentials to authN, and find out if they are valid credentials. Hopefully this should be simple. Could you help Robert figure out the scope of the work? > > Ed
|
|
|
|
Nguyen, Liem Manh <liem_m_nguyen@...>
Hi Robert,
I am not sure I quite understand your comment about API macro, but the AuthN piece in AAA is designed to be independent of either AD-SAL or MD-SAL.
Regards, Liem
From: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco) [mailto:rovarga@...]
Hey Liem,
This looks like an API Maros (CC’d) will need to migrate the NETCONF bits away from AD-SAL.
Thanks, Robert
From: Nguyen, Liem Manh [mailto:liem_m_nguyen@...]
Hi Robert,
While we are working on integrating the IdM server (almost there!), this is the service you can obtain from OSGi to do the authentication:
Currently, the only credential AAA supports out-of-the-box for direct authentication is username/password: PasswordCredentials.
Please let me know if you have any questions…
Regards, Liem
-----Original Message-----
From: Nguyen, Liem Manh Sent: Tuesday, August 19, 2014 12:50 PM To: 'Ed Warnicke (eaw)' Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: RE: AuthN and netconf-tcp, netconf-ssh
No, we don't have any formal doc on that yet (will be Javadoc as soon as we get the IdM server integrated); but, it will be part of the OSGi IdmService. I will provide more developer info as soon as this gets integrated (hopefully) this week.
Regards, Liem
-----Original Message----- From: Ed Warnicke (eaw) [mailto:eaw@...] Sent: Tuesday, August 19, 2014 12:24 PM To: Nguyen, Liem Manh Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: Re: AuthN and netconf-tcp, netconf-ssh
Liem, We would need a direct Java binding… do you have DOCs on how to do that?
Ed On Aug 19, 2014, at 1:51 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
> Hi Robert, > > AAA comes a built-in IdM server with a set of REST API to manage users/roles/domains. You can use this API to validate credentials from your service, basically passing in username/password/domain and getting back a set of roles for that user on the given domain. You can then do further authorization if needed in your service. > > More details on the IdM APIs here (Sorry, we are working on getting more formal documentation than a spreadsheet): > > https://docs.google.com/spreadsheets/d/1YYMmK_V5LMAjLGZOEjfKSX0x4Gwb-K5Xuk1wZskwWwY/edit#gid=0 > > This work is not yet checked in, since we are still working on integrating it into Karaf (having issue with JAXB/JSON in Karaf)... > > Regards, > Liem > > -----Original Message----- > From: Ed Warnicke (eaw) [mailto:eaw@...] > Sent: Tuesday, August 19, 2014 7:48 AM > To: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Nguyen, Liem Manh > Subject: AuthN and netconf-tcp, netconf-ssh > > Liem, > Robert is wanting to explore using AAA for netconf-tcp and netconf-ssh for Helium. > As we've discussed, the need here is for netconf-{tcp,ssh} to be able to present credentials to authN, and find out if they are valid credentials. Hopefully this should be simple. Could you help Robert figure out the scope of the work? > > Ed
|
|
|
|
Ed Warnicke (eaw) <eaw@...>
Liem,
toggle quoted messageShow quoted text
Think of it this way:
We have a bundle. The bundle gets user credentials. It needs to via a java service ask the AuthN to whether
those credentials are valid or not (and what roles they correspond to).
How would we do that?
Ed On Aug 22, 2014, at 3:44 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
|
|
|
|
Nguyen, Liem Manh <liem_m_nguyen@...>
Hi Ed,
So… the bundle would:
1. Get a reference to the org.opendaylight.aaa.api.CredentialAuth service from OSGi. 2. Call the authenticate() method on the service, passing in the user credentials (username/password) 3. The call will return back a Claim object, consisting of: a. Client id (if known) b. User id c. User name d. Domain name e. User roles If the credentials are not valid, a runtime AuthenticationException will be thrown.
Regards, Liem
From: Ed Warnicke (eaw) [mailto:eaw@...]
Liem, Think of it this way: We have a bundle. The bundle gets user credentials. It needs to via a java service ask the AuthN to whether those credentials are valid or not (and what roles they correspond to).
How would we do that?
Ed
On Aug 22, 2014, at 3:44 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
Hi Robert,
I am not sure I quite understand your comment about API macro, but the AuthN piece in AAA is designed to be independent of either AD-SAL or MD-SAL.
Regards, Liem
From: Robert
Varga -X (rovarga - Pantheon Technologies SRO at Cisco) [mailto:rovarga@...]
Hey Liem,
This looks like an API Maros (CC’d) will need to migrate the NETCONF bits away from AD-SAL.
Thanks, Robert
From: Nguyen,
Liem Manh [mailto:liem_m_nguyen@...]
Hi Robert,
While we are working on integrating the IdM server (almost there!), this is the service you can obtain from OSGi to do the authentication:
Currently, the only credential AAA supports out-of-the-box for direct authentication is username/password: PasswordCredentials.
Please let me know if you have any questions…
Regards, Liem
-----Original Message-----
No, we don't have any formal doc on that yet (will be Javadoc as soon as we get the IdM server integrated); but, it will be part of the OSGi IdmService. I will provide more developer info as soon as this gets integrated (hopefully) this week.
Regards, Liem
-----Original Message----- From: Ed Warnicke (eaw) [mailto:eaw@...] Sent: Tuesday, August 19, 2014 12:24 PM To: Nguyen, Liem Manh Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: Re: AuthN and netconf-tcp, netconf-ssh
Liem, We would need a direct Java binding… do you have DOCs on how to do that?
Ed On Aug 19, 2014, at 1:51 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
> Hi Robert, > > AAA comes a built-in IdM server with a set of REST API to manage users/roles/domains. You can use this API to validate credentials from your service, basically passing in username/password/domain and getting back a set of roles for that user on the given domain. You can then do further authorization if needed in your service. > > More details on the IdM APIs here (Sorry, we are working on getting more formal documentation than a spreadsheet): > > > This work is not yet checked in, since we are still working on integrating it into Karaf (having issue with JAXB/JSON in Karaf)... > > Regards, > Liem > > -----Original Message----- > From: Ed Warnicke (eaw) [mailto:eaw@...] > Sent: Tuesday, August 19, 2014 7:48 AM > To: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Nguyen, Liem Manh > Subject: AuthN and netconf-tcp, netconf-ssh > > Liem, > Robert is wanting to explore using AAA for netconf-tcp and netconf-ssh for Helium. > As we've discussed, the need here is for netconf-{tcp,ssh} to be able to present credentials to authN, and find out if they are valid credentials. Hopefully this should be simple. Could you help Robert figure out the scope of the work? > > Ed
|
|
|
|
Maros Marsalek -X (mmarsale - Pantheon Technologies SRO@Cisco) <mmarsale@...>
Hi Liem, Netconf in ODL still uses old UserManager service from AD-SAL. I'd be happy to replace it with your API/Implementation for user/password authentication. But I have a few questions for you/Robert/Ed: Do we want to do it in Helium or later (not too much time until code freeze) ? Are your bundles (Api/Implementation) part of ODL base distribution or will they be ? Regards, Maros From: Nguyen, Liem Manh [liem_m_nguyen@...]
Sent: Saturday, August 23, 2014 00:13 To: Ed Warnicke (eaw) Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco); aaa-dev@...; Kristian Kocsis -X (kkocsis - Pantheon Technologies SRO at Cisco) Subject: RE: AuthN and netconf-tcp, netconf-ssh Hi Ed,
So… the bundle would:
1. Get a reference to the org.opendaylight.aaa.api.CredentialAuth service from OSGi. 2. Call the authenticate() method on the service, passing in the user credentials (username/password) 3. The call will return back a Claim object, consisting of: a. Client id (if known) b. User id c. User name d. Domain name e. User roles If the credentials are not valid, a runtime AuthenticationException will be thrown.
Regards, Liem
From: Ed Warnicke (eaw) [mailto:eaw@...]
Liem, Think of it this way: We have a bundle. The bundle gets user credentials. It needs to via a java service ask the AuthN to whether those credentials are valid or not (and what roles they correspond to).
How would we do that?
Ed
On Aug 22, 2014, at 3:44 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
Hi Robert,
I am not sure I quite understand your comment about API macro, but the AuthN piece in AAA is designed to be independent of either AD-SAL or MD-SAL.
Regards, Liem
From: Robert
Varga -X (rovarga - Pantheon Technologies SRO at Cisco) [mailto:rovarga@...]
Hey Liem,
This looks like an API Maros (CC’d) will need to migrate the NETCONF bits away from AD-SAL.
Thanks, Robert
From: Nguyen,
Liem Manh [mailto:liem_m_nguyen@...]
Hi Robert,
While we are working on integrating the IdM server (almost there!), this is the service you can obtain from OSGi to do the authentication:
Currently, the only credential AAA supports out-of-the-box for direct authentication is username/password: PasswordCredentials.
Please let me know if you have any questions…
Regards, Liem
-----Original Message-----
No, we don't have any formal doc on that yet (will be Javadoc as soon as we get the IdM server integrated); but, it will be part of the OSGi IdmService. I will provide more developer info as soon as this gets integrated (hopefully) this week.
Regards, Liem
-----Original Message----- From: Ed Warnicke (eaw) [mailto:eaw@...] Sent: Tuesday, August 19, 2014 12:24 PM To: Nguyen, Liem Manh Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: Re: AuthN and netconf-tcp, netconf-ssh
Liem, We would need a direct Java binding… do you have DOCs on how to do that?
Ed On Aug 19, 2014, at 1:51 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
> Hi Robert, > > AAA comes a built-in IdM server with a set of REST API to manage users/roles/domains. You can use this API to validate credentials from your service, basically passing in username/password/domain and getting back a set of roles for that user on the given domain. You can then do further authorization if needed in your service. > > More details on the IdM APIs here (Sorry, we are working on getting more formal documentation than a spreadsheet): > > > This work is not yet checked in, since we are still working on integrating it into Karaf (having issue with JAXB/JSON in Karaf)... > > Regards, > Liem > > -----Original Message----- > From: Ed Warnicke (eaw) [mailto:eaw@...] > Sent: Tuesday, August 19, 2014 7:48 AM > To: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Nguyen, Liem Manh > Subject: AuthN and netconf-tcp, netconf-ssh > > Liem, > Robert is wanting to explore using AAA for netconf-tcp and netconf-ssh for Helium. > As we've discussed, the need here is for netconf-{tcp,ssh} to be able to present credentials to authN, and find out if they are valid credentials. Hopefully this should be simple. Could you help Robert figure out the scope of the work? > > Ed
|
|
|
|
Ed Warnicke (eaw) <eaw@...>
Definitely Helium.
toggle quoted messageShow quoted text
Ed On Aug 25, 2014, at 10:11 AM, Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) <mmarsale@...> wrote:
|
|
|
|
Maros Marsalek -X (mmarsale - Pantheon Technologies SRO@Cisco) <mmarsale@...>
Ok, I can take a look at that tomorrow. But its just 2 days(tomorrow and the day after) for me until code freeze, will be on PTO from Thursday. So if I am not able to accomplish that by September 1st, will it be possible to merge after ? Or should someone else take it ? And Liem, what shape is your service in ? Can I start using it from tomorrow in ODL ? Is it possible to integrate it with ODL-netconf bundle in 1-2 days ? Maros From: Ed Warnicke (eaw)
Sent: Monday, August 25, 2014 17:17 To: Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) Cc: Nguyen, Liem Manh; Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Kristian Kocsis -X (kkocsis - Pantheon Technologies SRO at Cisco) Subject: Re: AuthN and netconf-tcp, netconf-ssh Definitely Helium.
Ed On Aug 25, 2014, at 10:11 AM, Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) <mmarsale@...> wrote:
|
|
|
|
Ed Warnicke (eaw) <eaw@...>
Maros,
toggle quoted messageShow quoted text
We’d need it in before code freeze next Monday…
Ed On Aug 25, 2014, at 10:35 AM, Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) <mmarsale@...> wrote:
|
|
|
|
Nguyen, Liem Manh <liem_m_nguyen@...>
>> what shape is your service in ?
The snapshot is available in Nexus… The AuthN piece is working 100%; the IdM backend is being integrated (so not yet checked in)… Hopefully, it will be in earlier this week. For testing, you can just use the canned user (admin/odl).
Regards, Liem
From: Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) [mailto:mmarsale@...]
Ok, I can take a look at that tomorrow. But its just 2 days(tomorrow and the day after) for me until code freeze, will be on PTO from Thursday. From: Ed Warnicke (eaw) Definitely Helium.
Ed On Aug 25, 2014, at 10:11 AM, Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) <mmarsale@...> wrote:
Hi Liem, From: Nguyen,
Liem Manh [liem_m_nguyen@...] Hi Ed,
So… the bundle would:
1. Get a reference to the org.opendaylight.aaa.api.CredentialAuth service from OSGi. 2. Call the authenticate() method on the service, passing in the user credentials (username/password) 3. The call will return back a Claim object, consisting of: a. Client id (if known) b. User id c. User name d. Domain name e. User roles If the credentials are not valid, a runtime AuthenticationException will be thrown.
Regards, Liem
From: Ed
Warnicke (eaw) [mailto:eaw@...]
Liem, Think of it this way: We have a bundle. The bundle gets user credentials. It needs to via a java service ask the AuthN to whether those credentials are valid or not (and what roles they correspond to).
How would we do that?
Ed
On Aug 22, 2014, at 3:44 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
Hi Robert,
I am not sure I quite understand your comment about API macro, but the AuthN piece in AAA is designed to be independent of either AD-SAL or MD-SAL.
Regards, Liem
From: Robert
Varga -X (rovarga - Pantheon Technologies SRO at Cisco) [mailto:rovarga@...]
Hey Liem,
This looks like an API Maros (CC’d) will need to migrate the NETCONF bits away from AD-SAL.
Thanks, Robert
From: Nguyen,
Liem Manh [mailto:liem_m_nguyen@...]
Hi Robert,
While we are working on integrating the IdM server (almost there!), this is the service you can obtain from OSGi to do the authentication:
Currently, the only credential AAA supports out-of-the-box for direct authentication is username/password: PasswordCredentials.
Please let me know if you have any questions…
Regards, Liem
-----Original Message-----
No, we don't have any formal doc on that yet (will be Javadoc as soon as we get the IdM server integrated); but, it will be part of the OSGi IdmService. I will provide more developer info as soon as this gets integrated (hopefully) this week.
Regards, Liem
-----Original Message----- From: Ed Warnicke (eaw) [mailto:eaw@...] Sent: Tuesday, August 19, 2014 12:24 PM To: Nguyen, Liem Manh Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: Re: AuthN and netconf-tcp, netconf-ssh
Liem, We would need a direct Java binding… do you have DOCs on how to do that?
Ed On Aug 19, 2014, at 1:51 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
> Hi Robert, > > AAA comes a built-in IdM server with a set of REST API to manage users/roles/domains. You can use this API to validate credentials from your service, basically passing in username/password/domain and getting back a set of roles for that user on the given domain. You can then do further authorization if needed in your service. > > More details on the IdM APIs here (Sorry, we are working on getting more formal documentation than a spreadsheet): > > > This work is not yet checked in, since we are still working on integrating it into Karaf (having issue with JAXB/JSON in Karaf)... > > Regards, > Liem > > -----Original Message----- > From: Ed Warnicke (eaw) [mailto:eaw@...] > Sent: Tuesday, August 19, 2014 7:48 AM > To: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Nguyen, Liem Manh > Subject: AuthN and netconf-tcp, netconf-ssh > > Liem, > Robert is wanting to explore using AAA for netconf-tcp and netconf-ssh for Helium. > As we've discussed, the need here is for netconf-{tcp,ssh} to be able to present credentials to authN, and find out if they are valid credentials. Hopefully this should be simple. Could you help Robert figure out the scope of the work? > > Ed
|
|
|
|
Maros Marsalek -X (mmarsale - Pantheon Technologies SRO@Cisco) <mmarsale@...>
Talked to Tony, He said that we cannot introduce a direct dependency in ODL to the AAA bundles. AAA bundles depend on ODL bundles and we would introduce a cyclic dependency that would cause problems when bumping version of ODL bundles during release or otherwise (since AAA is not part of ODL base repository). He suggested that we introduce a new bundle in ODL with SPI for Authentication Service for Netconf. It would serve as an interface between ODL netconf and Authentication Service implementations. Then there would be 2 implementations: - AD-SAL UserManager (we would extract UserManager related code and all AD-SAL dependencies there so it can be easily replaceable) - Liem's implementation (this implementation would be hosted in AAA repository and would replace the first implementation in distributions) So what do you say to that approach ? We would have to introduce new interface to ODL (only SPI but still, its API freeze) Liem would still have to bump the version of ODL they use and release their bundles. Maros From: Nguyen, Liem Manh [liem_m_nguyen@...]
Sent: Monday, August 25, 2014 17:44 To: Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco); Ed Warnicke (eaw) Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Kristian Kocsis -X (kkocsis - Pantheon Technologies SRO at Cisco); Mellquist, Peter Subject: RE: AuthN and netconf-tcp, netconf-ssh >> what shape is your service in ?
The snapshot is available in Nexus… The AuthN piece is working 100%; the IdM backend is being integrated (so not yet checked in)… Hopefully, it will be in earlier this week. For testing, you can just use the canned user (admin/odl).
Regards, Liem
From: Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) [mailto:mmarsale@...]
Ok, I can take a look at that tomorrow. But its just 2 days(tomorrow and the day after) for me until code freeze, will be on PTO from Thursday. From: Ed Warnicke (eaw) Definitely Helium.
Ed On Aug 25, 2014, at 10:11 AM, Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) <mmarsale@...> wrote:
Hi Liem, From: Nguyen,
Liem Manh [liem_m_nguyen@...] Hi Ed,
So… the bundle would:
1. Get a reference to the org.opendaylight.aaa.api.CredentialAuth service from OSGi. 2. Call the authenticate() method on the service, passing in the user credentials (username/password) 3. The call will return back a Claim object, consisting of: a. Client id (if known) b. User id c. User name d. Domain name e. User roles If the credentials are not valid, a runtime AuthenticationException will be thrown.
Regards, Liem
From: Ed
Warnicke (eaw) [mailto:eaw@...]
Liem, Think of it this way: We have a bundle. The bundle gets user credentials. It needs to via a java service ask the AuthN to whether those credentials are valid or not (and what roles they correspond to).
How would we do that?
Ed
On Aug 22, 2014, at 3:44 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
Hi Robert,
I am not sure I quite understand your comment about API macro, but the AuthN piece in AAA is designed to be independent of either AD-SAL or MD-SAL.
Regards, Liem
From: Robert
Varga -X (rovarga - Pantheon Technologies SRO at Cisco) [mailto:rovarga@...]
Hey Liem,
This looks like an API Maros (CC’d) will need to migrate the NETCONF bits away from AD-SAL.
Thanks, Robert
From: Nguyen,
Liem Manh [mailto:liem_m_nguyen@...]
Hi Robert,
While we are working on integrating the IdM server (almost there!), this is the service you can obtain from OSGi to do the authentication:
Currently, the only credential AAA supports out-of-the-box for direct authentication is username/password: PasswordCredentials.
Please let me know if you have any questions…
Regards, Liem
-----Original Message-----
No, we don't have any formal doc on that yet (will be Javadoc as soon as we get the IdM server integrated); but, it will be part of the OSGi IdmService. I will provide more developer info as soon as this gets integrated (hopefully) this week.
Regards, Liem
-----Original Message----- From: Ed Warnicke (eaw) [mailto:eaw@...] Sent: Tuesday, August 19, 2014 12:24 PM To: Nguyen, Liem Manh Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: Re: AuthN and netconf-tcp, netconf-ssh
Liem, We would need a direct Java binding… do you have DOCs on how to do that?
Ed On Aug 19, 2014, at 1:51 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
> Hi Robert, > > AAA comes a built-in IdM server with a set of REST API to manage users/roles/domains. You can use this API to validate credentials from your service, basically passing in username/password/domain and getting back a set of roles for that user on the given domain. You can then do further authorization if needed in your service. > > More details on the IdM APIs here (Sorry, we are working on getting more formal documentation than a spreadsheet): > > > This work is not yet checked in, since we are still working on integrating it into Karaf (having issue with JAXB/JSON in Karaf)... > > Regards, > Liem > > -----Original Message----- > From: Ed Warnicke (eaw) [mailto:eaw@...] > Sent: Tuesday, August 19, 2014 7:48 AM > To: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Nguyen, Liem Manh > Subject: AuthN and netconf-tcp, netconf-ssh > > Liem, > Robert is wanting to explore using AAA for netconf-tcp and netconf-ssh for Helium. > As we've discussed, the need here is for netconf-{tcp,ssh} to be able to present credentials to authN, and find out if they are valid credentials. Hopefully this should be simple. Could you help Robert figure out the scope of the work? > > Ed
|
|
|
|
Nguyen, Liem Manh <liem_m_nguyen@...>
Hi Maros,
Sounds good… Just a clarification: only the odl-aaa-authz feature/bundles (AuthZ) depend on ODL; the odl-aaa-authn feature/bundles (AuthN) do not. So, an alternative is we could have the AuthZ reside with the ODL codebase… AuthZ, of course, would depend on AuthN. Thoughts on the 2 different approaches? I personally like the fact that AuthZ should reside as close to the business/service layer as possible, since it ultimately understands the service logics for authorization.
Thanks, Liem
From: Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) [mailto:mmarsale@...]
Talked to Tony, He suggested that we introduce a new bundle in ODL with SPI for Authentication Service for Netconf. It would serve as an interface
between ODL netconf and Authentication Service implementations. Then there would be 2 implementations: From: Nguyen, Liem Manh [liem_m_nguyen@...] >> what shape is your service in ?
The snapshot is available in Nexus… The AuthN piece is working 100%; the IdM backend is being integrated (so not yet checked in)… Hopefully, it will be in earlier this week. For testing, you can just use the canned user (admin/odl).
Regards, Liem
From: Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco)
[mailto:mmarsale@...]
Ok, I can take a look at that tomorrow. But its just 2 days(tomorrow and the day after) for me until code freeze, will be on PTO from Thursday. From: Ed Warnicke (eaw) Definitely Helium.
Ed On Aug 25, 2014, at 10:11 AM, Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) <mmarsale@...> wrote:
Hi Liem, From: Nguyen,
Liem Manh [liem_m_nguyen@...] Hi Ed,
So… the bundle would:
1. Get a reference to the org.opendaylight.aaa.api.CredentialAuth service from OSGi. 2. Call the authenticate() method on the service, passing in the user credentials (username/password) 3. The call will return back a Claim object, consisting of: a. Client id (if known) b. User id c. User name d. Domain name e. User roles If the credentials are not valid, a runtime AuthenticationException will be thrown.
Regards, Liem
From: Ed
Warnicke (eaw) [mailto:eaw@...]
Liem, Think of it this way: We have a bundle. The bundle gets user credentials. It needs to via a java service ask the AuthN to whether those credentials are valid or not (and what roles they correspond to).
How would we do that?
Ed
On Aug 22, 2014, at 3:44 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
Hi Robert,
I am not sure I quite understand your comment about API macro, but the AuthN piece in AAA is designed to be independent of either AD-SAL or MD-SAL.
Regards, Liem
From: Robert
Varga -X (rovarga - Pantheon Technologies SRO at Cisco) [mailto:rovarga@...]
Hey Liem,
This looks like an API Maros (CC’d) will need to migrate the NETCONF bits away from AD-SAL.
Thanks, Robert
From: Nguyen,
Liem Manh [mailto:liem_m_nguyen@...]
Hi Robert,
While we are working on integrating the IdM server (almost there!), this is the service you can obtain from OSGi to do the authentication:
Currently, the only credential AAA supports out-of-the-box for direct authentication is username/password: PasswordCredentials.
Please let me know if you have any questions…
Regards, Liem
-----Original Message-----
No, we don't have any formal doc on that yet (will be Javadoc as soon as we get the IdM server integrated); but, it will be part of the OSGi IdmService. I will provide more developer info as soon as this gets integrated (hopefully) this week.
Regards, Liem
-----Original Message----- From: Ed Warnicke (eaw) [mailto:eaw@...] Sent: Tuesday, August 19, 2014 12:24 PM To: Nguyen, Liem Manh Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: Re: AuthN and netconf-tcp, netconf-ssh
Liem, We would need a direct Java binding… do you have DOCs on how to do that?
Ed On Aug 19, 2014, at 1:51 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
> Hi Robert, > > AAA comes a built-in IdM server with a set of REST API to manage users/roles/domains. You can use this API to validate credentials from your service, basically passing in username/password/domain and getting back a set of roles for that user on the given domain. You can then do further authorization if needed in your service. > > More details on the IdM APIs here (Sorry, we are working on getting more formal documentation than a spreadsheet): > > > This work is not yet checked in, since we are still working on integrating it into Karaf (having issue with JAXB/JSON in Karaf)... > > Regards, > Liem > > -----Original Message----- > From: Ed Warnicke (eaw) [mailto:eaw@...] > Sent: Tuesday, August 19, 2014 7:48 AM > To: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Nguyen, Liem Manh > Subject: AuthN and netconf-tcp, netconf-ssh > > Liem, > Robert is wanting to explore using AAA for netconf-tcp and netconf-ssh for Helium. > As we've discussed, the need here is for netconf-{tcp,ssh} to be able to present credentials to authN, and find out if they are valid credentials. Hopefully this should be simple. Could you help Robert figure out the scope of the work? > > Ed
|
|
|
|
Maros Marsalek -X (mmarsale - Pantheon Technologies SRO@Cisco) <mmarsale@...>
Hi Liem, Moving AuthZ into ODL codebase sounds reasonable, but that needs to be addressed by Ed, Tony etc. I have pushed 2 commits: 1. ODL: https://git.opendaylight.org/gerrit/#/c/10318/ Extracted AuthProvider SPI bundle, Extracted UserManager backed AuthProvider into separate bundle 2. AAA: https://git.opendaylight.org/gerrit/#/c/10356/ Implemented AuthProvider SPI interface backed by CredentialAuth service. Please review Maros From: Nguyen, Liem Manh [liem_m_nguyen@...]
Sent: Tuesday, August 26, 2014 18:25 To: Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco); Ed Warnicke (eaw); Tony Tkacik -X (ttkacik - Pantheon Technologies SRO at Cisco) Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Kristian Kocsis -X (kkocsis - Pantheon Technologies SRO at Cisco); Mellquist, Peter; Nguyen, Liem Manh Subject: RE: AuthN and netconf-tcp, netconf-ssh Hi Maros,
Sounds good… Just a clarification: only the odl-aaa-authz feature/bundles (AuthZ) depend on ODL; the odl-aaa-authn feature/bundles (AuthN) do not. So, an alternative is we could have the AuthZ reside with the ODL codebase… AuthZ, of course, would depend on AuthN. Thoughts on the 2 different approaches? I personally like the fact that AuthZ should reside as close to the business/service layer as possible, since it ultimately understands the service logics for authorization.
Thanks, Liem
From: Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) [mailto:mmarsale@...]
Talked to Tony, He suggested that we introduce a new bundle in ODL with SPI for Authentication Service for Netconf. It would serve as an interface
between ODL netconf and Authentication Service implementations. Then there would be 2 implementations: From: Nguyen, Liem Manh [liem_m_nguyen@...] >> what shape is your service in ?
The snapshot is available in Nexus… The AuthN piece is working 100%; the IdM backend is being integrated (so not yet checked in)… Hopefully, it will be in earlier this week. For testing, you can just use the canned user (admin/odl).
Regards, Liem
From: Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at
Cisco) [mailto:mmarsale@...]
Ok, I can take a look at that tomorrow. But its just 2 days(tomorrow and the day after) for me until code freeze, will be on PTO from Thursday. From: Ed Warnicke (eaw) Definitely Helium.
Ed On Aug 25, 2014, at 10:11 AM, Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) <mmarsale@...> wrote:
Hi Liem, From: Nguyen,
Liem Manh [liem_m_nguyen@...] Hi Ed,
So… the bundle would:
1. Get a reference to the org.opendaylight.aaa.api.CredentialAuth service from OSGi. 2. Call the authenticate() method on the service, passing in the user credentials (username/password) 3. The call will return back a Claim object, consisting of: a. Client id (if known) b. User id c. User name d. Domain name e. User roles If the credentials are not valid, a runtime AuthenticationException will be thrown.
Regards, Liem
From: Ed
Warnicke (eaw) [mailto:eaw@...]
Liem, Think of it this way: We have a bundle. The bundle gets user credentials. It needs to via a java service ask the AuthN to whether those credentials are valid or not (and what roles they correspond to).
How would we do that?
Ed
On Aug 22, 2014, at 3:44 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
Hi Robert,
I am not sure I quite understand your comment about API macro, but the AuthN piece in AAA is designed to be independent of either AD-SAL or MD-SAL.
Regards, Liem
From: Robert
Varga -X (rovarga - Pantheon Technologies SRO at Cisco) [mailto:rovarga@...]
Hey Liem,
This looks like an API Maros (CC’d) will need to migrate the NETCONF bits away from AD-SAL.
Thanks, Robert
From: Nguyen,
Liem Manh [mailto:liem_m_nguyen@...]
Hi Robert,
While we are working on integrating the IdM server (almost there!), this is the service you can obtain from OSGi to do the authentication:
Currently, the only credential AAA supports out-of-the-box for direct authentication is username/password: PasswordCredentials.
Please let me know if you have any questions…
Regards, Liem
-----Original Message-----
No, we don't have any formal doc on that yet (will be Javadoc as soon as we get the IdM server integrated); but, it will be part of the OSGi IdmService. I will provide more developer info as soon as this gets integrated (hopefully) this week.
Regards, Liem
-----Original Message----- From: Ed Warnicke (eaw) [mailto:eaw@...] Sent: Tuesday, August 19, 2014 12:24 PM To: Nguyen, Liem Manh Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: Re: AuthN and netconf-tcp, netconf-ssh
Liem, We would need a direct Java binding… do you have DOCs on how to do that?
Ed On Aug 19, 2014, at 1:51 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
> Hi Robert, > > AAA comes a built-in IdM server with a set of REST API to manage users/roles/domains. You can use this API to validate credentials from your service, basically passing in username/password/domain and getting back a set of roles for that user on the given domain. You can then do further authorization if needed in your service. > > More details on the IdM APIs here (Sorry, we are working on getting more formal documentation than a spreadsheet): > > > This work is not yet checked in, since we are still working on integrating it into Karaf (having issue with JAXB/JSON in Karaf)... > > Regards, > Liem > > -----Original Message----- > From: Ed Warnicke (eaw) [mailto:eaw@...] > Sent: Tuesday, August 19, 2014 7:48 AM > To: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Nguyen, Liem Manh > Subject: AuthN and netconf-tcp, netconf-ssh > > Liem, > Robert is wanting to explore using AAA for netconf-tcp and netconf-ssh for Helium. > As we've discussed, the need here is for netconf-{tcp,ssh} to be able to present credentials to authN, and find out if they are valid credentials. Hopefully this should be simple. Could you help Robert figure out the scope of the work? > > Ed
|
|
|
|
Nguyen, Liem Manh <liem_m_nguyen@...>
Hi Maros,
I think we can worry about the md-sal authz piece later, since we don’t have it for Helium anyways. So… let’s focus on AuthN.
For AuthN, I really don’t want it to depend on other controller components, because let’s say if the netconf bundle fails to load for instance, then we won’t have AuthN. Having direct dependency from netconf to AuthN would also keep things simpler too.
Thoughts, Ed/Tony?
Thanks, Liem
From: Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) [mailto:mmarsale@...]
Hi Liem, From: Nguyen, Liem Manh [liem_m_nguyen@...] Hi Maros,
Sounds good… Just a clarification: only the odl-aaa-authz feature/bundles (AuthZ) depend on ODL; the odl-aaa-authn feature/bundles (AuthN) do not. So, an alternative is we could have the AuthZ reside with the ODL codebase… AuthZ, of course, would depend on AuthN. Thoughts on the 2 different approaches? I personally like the fact that AuthZ should reside as close to the business/service layer as possible, since it ultimately understands the service logics for authorization.
Thanks, Liem
From: Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco)
[mailto:mmarsale@...]
Talked to Tony, He suggested that we introduce a new bundle in ODL with SPI for Authentication Service for Netconf. It would serve as an interface
between ODL netconf and Authentication Service implementations. Then there would be 2 implementations: From: Nguyen, Liem Manh [liem_m_nguyen@...] >> what shape is your service in ?
The snapshot is available in Nexus… The AuthN piece is working 100%; the IdM backend is being integrated (so not yet checked in)… Hopefully, it will be in earlier this week. For testing, you can just use the canned user (admin/odl).
Regards, Liem
From: Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco)
[mailto:mmarsale@...]
Ok, I can take a look at that tomorrow. But its just 2 days(tomorrow and the day after) for me until code freeze, will be on PTO from Thursday. From: Ed Warnicke (eaw) Definitely Helium.
Ed On Aug 25, 2014, at 10:11 AM, Maros Marsalek -X (mmarsale - Pantheon Technologies SRO at Cisco) <mmarsale@...> wrote:
Hi Liem, From: Nguyen,
Liem Manh [liem_m_nguyen@...] Hi Ed,
So… the bundle would:
1. Get a reference to the org.opendaylight.aaa.api.CredentialAuth service from OSGi. 2. Call the authenticate() method on the service, passing in the user credentials (username/password) 3. The call will return back a Claim object, consisting of: a. Client id (if known) b. User id c. User name d. Domain name e. User roles If the credentials are not valid, a runtime AuthenticationException will be thrown.
Regards, Liem
From: Ed
Warnicke (eaw) [mailto:eaw@...]
Liem, Think of it this way: We have a bundle. The bundle gets user credentials. It needs to via a java service ask the AuthN to whether those credentials are valid or not (and what roles they correspond to).
How would we do that?
Ed
On Aug 22, 2014, at 3:44 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
Hi Robert,
I am not sure I quite understand your comment about API macro, but the AuthN piece in AAA is designed to be independent of either AD-SAL or MD-SAL.
Regards, Liem
From: Robert
Varga -X (rovarga - Pantheon Technologies SRO at Cisco) [mailto:rovarga@...]
Hey Liem,
This looks like an API Maros (CC’d) will need to migrate the NETCONF bits away from AD-SAL.
Thanks, Robert
From: Nguyen,
Liem Manh [mailto:liem_m_nguyen@...]
Hi Robert,
While we are working on integrating the IdM server (almost there!), this is the service you can obtain from OSGi to do the authentication:
Currently, the only credential AAA supports out-of-the-box for direct authentication is username/password: PasswordCredentials.
Please let me know if you have any questions…
Regards, Liem
-----Original Message-----
No, we don't have any formal doc on that yet (will be Javadoc as soon as we get the IdM server integrated); but, it will be part of the OSGi IdmService. I will provide more developer info as soon as this gets integrated (hopefully) this week.
Regards, Liem
-----Original Message----- From: Ed Warnicke (eaw) [mailto:eaw@...] Sent: Tuesday, August 19, 2014 12:24 PM To: Nguyen, Liem Manh Cc: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@... Subject: Re: AuthN and netconf-tcp, netconf-ssh
Liem, We would need a direct Java binding… do you have DOCs on how to do that?
Ed On Aug 19, 2014, at 1:51 PM, Nguyen, Liem Manh <liem_m_nguyen@...> wrote:
> Hi Robert, > > AAA comes a built-in IdM server with a set of REST API to manage users/roles/domains. You can use this API to validate credentials from your service, basically passing in username/password/domain and getting back a set of roles for that user on the given domain. You can then do further authorization if needed in your service. > > More details on the IdM APIs here (Sorry, we are working on getting more formal documentation than a spreadsheet): > > > This work is not yet checked in, since we are still working on integrating it into Karaf (having issue with JAXB/JSON in Karaf)... > > Regards, > Liem > > -----Original Message----- > From: Ed Warnicke (eaw) [mailto:eaw@...] > Sent: Tuesday, August 19, 2014 7:48 AM > To: Robert Varga -X (rovarga - Pantheon Technologies SRO at Cisco); aaa-dev@...; Nguyen, Liem Manh > Subject: AuthN and netconf-tcp, netconf-ssh > > Liem, > Robert is wanting to explore using AAA for netconf-tcp and netconf-ssh for Helium. > As we've discussed, the need here is for netconf-{tcp,ssh} to be able to present credentials to authN, and find out if they are valid credentials. Hopefully this should be simple. Could you help Robert figure out the scope of the work? > > Ed
|
|
|