
NACM Recovery Session via TLS? - Question

Open pramodpillaip opened this issue 3 years ago • 3 comments

Hi, as per the clarification provided in issue #1125, I understood that Recovery session is possible via SSH session.

The new question is: does Netopeer2 support Recovery session via TLS session?

Regards, Pramod

pramodpillaip, Jan 20 '22 06:01

> I understood that Recovery session is possible via SSH session.

I do not know what gave you that idea; the recovery session is not specific to any transport protocol. If you create a NETCONF session over TLS and the resolved username matches the recovery user UID, it should work.

michalvasko, Jan 20 '22 08:01

> > I understood that Recovery session is possible via SSH session.
>
> I do not know what gave you that idea; the recovery session is not specific to any transport protocol. If you create a NETCONF session over TLS and the resolved username matches the recovery user UID, it should work.

In the file netconf_acm.c the function ncac_getpwnam calls getpwnam_r ( .. ) to get the UID of the user. And I assume that this UID is picked up from /etc/passwd. This made me think that it works only for SSH.

Wondering how this will work for a TLS session?

For TLS the username can be embedded in the SubjectAltName of the EndEntity certificate. And the username need not be associated with a Linux user account, and hence there need not be a UID associated with it.

pramodpillaip, Jan 20 '22 15:01

What you said is true, but so is what I have replied before; please read it again.

michalvasko, Jan 21 '22 07:01
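
The check the two comments above describe (resolve the session username with getpwnam_r and compare the UID with the recovery UID), as an added example that is not part of the thread and not the project's code. The function names, the sample usernames and the recovery UID of 0 are assumptions; a name with no local account, as a certificate-derived TLS name may be, fails closed.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not the project's ncac_getpwnam): resolve a session
 * username to a local UID. Returns 0 and sets *uid on success, 1 if the name
 * has no local account, -1 on lookup error. */
static int example_resolve_uid(const char *username, uid_t *uid)
{
    struct passwd pwd, *result = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t buflen = (hint > 0) ? (size_t)hint : 1024;
    char *buf = NULL, *tmp;
    int rc;

    if (!username || !username[0]) return 1;
    for (;;) {
        if (!(tmp = realloc(buf, buflen))) { free(buf); return -1; }
        buf = tmp;
        rc = getpwnam_r(username, &pwd, buf, buflen, &result);
        if (rc != ERANGE) break;
        buflen *= 2; /* entry did not fit, retry with a larger buffer */
    }
    if (rc == 0 && result) *uid = pwd.pw_uid;
    free(buf);
    if (rc != 0) return -1;
    return result ? 0 : 1;
}

/* The transport (SSH or TLS) is not an input: only the resolved username is.
 * Unknown names and lookup errors are never treated as the recovery user. */
static int example_is_recovery_session(const char *username, uid_t recovery_uid)
{
    uid_t uid;
    if (example_resolve_uid(username, &uid) != 0) return 0;
    return uid == recovery_uid;
}

int main(void)
{
    /* Constructed names; recovery UID 0 is an assumption for this example. */
    const char *names[] = { "root", "cert-san-user-constructed" };
    for (size_t i = 0; i < 2; i++)
        printf("%s -> recovery=%d\n", names[i], example_is_recovery_session(names[i], 0));
    return 0;
}
```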