
How to blacklist some users to prevent connection with server

Open adamvm opened this issue 3 years ago • 5 comments

How can I blacklist given users to prevent connecting with server? I have an external safety requirement to block logons for root and some functional users.

adamvm, Feb 21 '22 07:02

For now, the users are read from the system and the exact same rules apply to them. So there is no blacklist, you can only disable their login on the system itself.

michalvasko, Feb 21 '22 07:02

Would it be accepted to add a blacklist option to the config of netopeer2? How should I proceed if I decide to implement this by myself? PR?

adamvm, Feb 21 '22 09:02

I do not really see a nice way to add this feature. The whole netopeer2-server configuration is described by the standard draft module ietf-netconf-server, which at the time of being implemented did not support everything we needed, so the users are read from the system. We are waiting until the draft is finally published as an RFC and then want to implement a completely separate authentication configuration for NETCONF. But the draft has been dragging on for years now, so who knows when that will be.

michalvasko, Feb 21 '22 10:02

So I will probably go the way of applying a local patch before building. If you could point me to the most optimal function where I can apply a "filter" for user names.

adamvm, Feb 21 '22 10:02

Depending on the authentication method used, you can simply use your auth callback and accept/refuse whatever users you want. The default code using system users is several lines above.

michalvasko, Feb 21 '22 10:02
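A sketch of the accept/refuse logic such an auth callback could carry, added here as an example; it is not code from netopeer2 or libnetconf2. The callback signature, the `auth_policy` struct, the `verify` hook standing in for the default system-user check, and the 0 = accept / 1 = refuse convention are all assumptions, and the user names and password are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy object passed to the callback as user_data. */
struct auth_policy {
    const char *const *denied;  /* user names that must never log in */
    size_t n_denied;
    /* stand-in for the default system-user password check; 0 = password ok */
    int (*verify)(const char *user, const char *password);
};

/* Returns 1 when the user must be refused before any credential check. */
static int user_is_denied(const struct auth_policy *p, const char *user)
{
    if (!p || !user || !*user) {
        return 1;               /* fail closed: no policy or no user name */
    }
    for (size_t i = 0; i < p->n_denied; i++) {
        /* exact match: system user names are case-sensitive */
        if (strcmp(user, p->denied[i]) == 0) {
            return 1;
        }
    }
    return 0;
}

/* Hypothetical password callback: 0 = accept, 1 = refuse (assumed convention). */
static int passwd_auth_clb(const char *user, const char *password, void *user_data)
{
    const struct auth_policy *p = user_data;

    if (user_is_denied(p, user)) {
        /* fixed message: never echo attacker-controlled names into logs */
        fprintf(stderr, "auth: refused deny-listed or invalid user\n");
        return 1;
    }
    if (!password || !p->verify) {
        return 1;
    }
    return p->verify(user, password) == 0 ? 0 : 1;
}

/* Constructed sample data for the demonstration. */
static const char *const DENIED[] = { "root", "backup" };
static int demo_verify(const char *user, const char *password)
{
    (void)user;
    return strcmp(password, "correct-horse") == 0 ? 0 : 1;
}

int main(void)
{
    struct auth_policy p = { DENIED, 2, demo_verify };
    return passwd_auth_clb("root", "correct-horse", &p) == 1 ? 0 : 1;
}
```

The deny-list is checked before the password so a denied account is refused even with valid credentials; public-key or keyboard-interactive authentication would need the same check in its own callback.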