6.2.5.1 Access Control to the RLM Web Interface
It is possible to require users to log in to the RLM Web Interface.
The login capability is provided via the RLM password file, named rlm.pw. If this file exists in the directory with the rlm binary, then the RLM Web Interface will require users to log in before they can perform any actions. Reprise Software recommends that you protect access to this file so that ordinary users can't write it. The RLM password file, as well as the directory which contains it, must be read-write to the rlm process.
The RLM password file has one line for each user, formatted as follows:
username:password:list-of-permissions
The username must not contain a ':' character.
If the password field is blank, then the user can log in without supplying a password. To change their password, select the “Change Password” menu item once logged in as that user. The password field is an encrypted hash of the actual password (similar to the Unix password file).
The list-of-permissions field is a comma-separated list of the various privileges which you can assign to this user. These names are the same names you would use in the RLM options file if you were controlling access without logins enabled, with the addition of the special “all” permission, which enables all operations. If you use the RLM password file to control access, you should not use the RLM options file to control access.
Privilege | Meaning | Notes |
---|---|---|
all | Special privilege name, enables all privileges | |
edit_meter | Allows modifying count for meter counters | Enables “status” privilege even if not present |
edit_options | Allows editing options files for ISV servers | Enables “status” privilege even if not present |
edit_rlm_options | Allows editing license files and options files for the rlm server | Enables “status” privilege even if not present |
edit_xfer | Allows editing server-server license transfer settings for ISV servers | Enables “status” privilege even if not present |
extend_roam | Allows this user to extend roam duration for already-roaming licenses. | |
logfiles | Enables the functions which change log files - switch, switchr, newlog | |
remove | Allows the user to remove a license from a running process | Enables “status” privilege even if not present |
reread | Allows access to the functions which do reread commands on license servers | |
shutdown | Allows access to the functions which shut down license servers | Enables “status” privilege even if not present |
status | Allows display of status and debug log information from the license servers | |
A user with no privileges assigned will have access to the “Activate License”, “Diagnostics”, “RLM Manual...”, “System Info”, “About”, “Change Password”, and “Logout” commands.
Two example password file entries are shown here:
tom:$5ukMApW1jixwcrGqRALO91:all
harry::edit_options,edit_rlm_options,reread
User “tom” has a password assigned, and can perform all actions with the web interface. User “harry” has no password (therefore no password is required to log in), and has the edit_options, edit_rlm_options, and reread privileges assigned. He will also be able to view status, because edit_options and edit_rlm_options enable the “status” privilege even when it is not listed.
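The following audit script is an added example, not part of the RLM documentation or Reprise Software's code. It parses rlm.pw lines in the format above, flags blank passwords, the “all” privilege and unknown privilege names, and expands the implied “status” privilege. The function names, the right-to-left split of the permissions field, and the POSIX mode-bit check are assumptions of this example.

```python
import os
import stat

# Privileges the table above marks as enabling "status" even if not present.
IMPLIES_STATUS = {"edit_meter", "edit_options", "edit_rlm_options",
                  "edit_xfer", "remove", "shutdown"}
KNOWN = IMPLIES_STATUS | {"all", "extend_roam", "logfiles", "reread", "status"}
# Sample input: the two example entries from this page.
SAMPLE = "tom:$5ukMApW1jixwcrGqRALO91:all\nharry::edit_options,edit_rlm_options,reread\n"

def parse_line(line):
    """Split one rlm.pw line into (username, password_hash, permissions)."""
    # The username cannot contain ':', so it ends at the first colon. Assumption:
    # the permission list starts after the last colon; the hash is in between.
    user, _, rest = line.rstrip("\r\n").partition(":")
    pw_hash, sep, perms = rest.rpartition(":")
    if not user or not sep:
        raise ValueError("expected username:password:list-of-permissions")
    return user, pw_hash, {p.strip() for p in perms.split(",") if p.strip()}

def effective(perms):
    """Expand 'all' and add the implied 'status' privilege."""
    if "all" in perms:
        return KNOWN - {"all"}
    return perms | ({"status"} if perms & IMPLIES_STATUS else set())

def audit(text):
    """Return (username, finding) pairs for the contents of an rlm.pw file."""
    findings = []
    for raw in filter(str.strip, text.splitlines()):
        try:
            user, pw_hash, perms = parse_line(raw)
        except ValueError as exc:
            findings.append((raw, f"malformed line: {exc}"))
            continue
        if not pw_hash:
            findings.append((user, "blank password: login needs no password"))
        if "all" in perms:
            findings.append((user, "holds 'all': every operation is enabled"))
        for name in sorted(perms - KNOWN):
            findings.append((user, f"unknown privilege name: {name}"))
    return findings

def writable_by_others(path):
    """True if group or other users can write the file (POSIX mode bits)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```
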