6.2.5.1 Access Control to the RLM Web Interface

It is possible to require users to log in to the RLM Web Interface.

The login capability is provided via the rlm password file, named rlm.pw. If this file exists in the directory with the rlm binary, then the RLM Web Interface will require users to log in before they can perform any actions. Reprise Software recommends that you protect access to this file so that ordinary users can't write it. The RLM password file, as well as the directory which contains it, must be read-write to the rlm process.

The RLM password file has one line for each user, formatted as follows:

username:password:list-of-permissions

The username must not contain a ':' character.

If the password field is blank, then the user can log in without supplying a password. To change a password, log in as that user and select the “Change Password” menu item. The password field is an encrypted hash of the actual password (similar to the Unix password file).

The list-of-permissions field is a comma-separated list of the various privileges which you can assign to this user. These names are the same names you would use in the RLM options file if you were controlling access without logins enabled, with the addition of the special “all” permission, which enables all operations. If you use the RLM password file to control access, you should not use the RLM options file to control access.

Table 6-3. RLM privileges assignable in the RLM password file
| Privilege | Meaning | Notes |
|---|---|---|
| all | Special privilege name, enables all privileges | |
| edit_meter | Allows modifying count for meter counters | Enables “status” privilege even if not present |
| edit_options | Allows editing options files for ISV servers | Enables “status” privilege even if not present |
| edit_rlm_options | Allows editing license files and options files for the rlm server | Enables “status” privilege even if not present |
| edit_xfer | Allows editing server-server license transfer settings for ISV servers | Enables “status” privilege even if not present |
| extend_roam | Allows this user to extend roam duration for already-roaming licenses | |
| logfiles | Enables the functions which change log files - switch, switchr, newlog | |
| remove | Allows the user to remove a license from a running process | Enables “status” privilege even if not present |
| reread | Allows access to the functions which do reread commands on license servers | |
| shutdown | Allows access to the functions which shut down license servers | Enables “status” privilege even if not present |
| status | Allows display of status and debug log information from the license servers | |

A user with no privileges assigned will have access to the “Activate License”, “Diagnostics”, “RLM Manual...”, “System Info”, “About”, “Change Password”, and “Logout” commands.

A couple of example password line entries are shown here:

tom:$5ukMApW1jixwcrGqRALO91:all

harry::edit_options,edit_rlm_options,reread

User “tom” has a password assigned, and can perform all actions with the web interface. User “harry” has no password (therefore no password is required to log in), and has the edit_options, edit_rlm_options, and reread privileges assigned. He will also be able to view status, because the edit privileges enable “status” even when it is not listed.
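An administrator can review an rlm.pw file for the conditions described in this section with a short script. The following is an added example, not part of the RLM distribution or the original manual: it parses each line, works out the effective privileges (including the implied “status”), and reports blank passwords, users holding every privilege, and unrecognized privilege names. The function names, the "dick" sample line and the POSIX permission check are assumptions made for the example.

```python
import os
import stat

# Privileges from Table 6-3 whose Notes column says they also enable "status".
IMPLIES_STATUS = {"edit_meter", "edit_options", "edit_rlm_options",
                  "edit_xfer", "remove", "shutdown"}
KNOWN = IMPLIES_STATUS | {"extend_roam", "logfiles", "reread", "status"}

def parse_line(line):
    """Return (username, password_hash, effective_privileges, unknown_names)."""
    if line.count(":") < 2:
        raise ValueError("expected username:password:list-of-permissions")
    # Assumption: the first ':' ends the username (it cannot contain ':')
    # and the last ':' starts the comma-separated permission list.
    user, rest = line.split(":", 1)
    pw_hash, _, perm_field = rest.rpartition(":")
    listed = {p.strip() for p in perm_field.split(",") if p.strip()}
    if "all" in listed:
        effective = set(KNOWN)              # "all" enables every privilege
    else:
        effective = listed & KNOWN
        if effective & IMPLIES_STATUS:
            effective.add("status")         # implied even if not listed
    return user, pw_hash, effective, listed - KNOWN - {"all"}

def audit(text):
    """Return a list of (username, finding) pairs for entries worth review."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        user, pw_hash, effective, unknown = parse_line(line)
        if not pw_hash:
            findings.append((user, "blank password: login needs no password"))
        if effective == KNOWN:
            findings.append((user, "holds every privilege"))
        for name in sorted(unknown):
            findings.append((user, "unrecognized privilege name: " + name))
    return findings

def writable_by_others(path):
    """True if group or other users may write the file (POSIX mode bits)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

# Constructed sample: the two entries from this section plus one made-up line.
SAMPLE = "tom:$5ukMApW1jixwcrGqRALO91:all\n" \
         "harry::edit_options,edit_rlm_options,reread\n" \
         "dick::shutdown,statsu\n"

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(user + ": " + finding)
```

Run `writable_by_others()` against the real rlm.pw path as well: the file has to stay writable by the rlm process, so the check only looks at group and other write bits.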