Wt::Auth in a minimal Linux system

Added by Or Goshen 20 days ago

I consider using Wt C++ to write the Web interface to a device that is similar to a home router in nature.
It has a minimal Linux on it with a small flash drive that doesn't allow too many writes to it.

I have 2 questions:

  1. I want to use Linux PAM for authentication which doesn't provide the hashed password to me but accepts a username + password and checks them for me. This brings up the question - how do I use Wt::Auth in a situation where I use it as a proxy for an authentication mechanism that accepts username and password?
  2. Suppose I use the Sqlite3 solution and keep the password in DB. I am not interested in keeping temporary session data on flash (to minimize writes to minimum possible), only the usernames + passwords (hashes of passwords). This brings up the question - How do I break up the auth backend DB into 2 DBs? One for persistent data (username + password) and one for everything else (session data for example).

How do I do all of that without doing massive rewriting of the services ?

Thanks.


Replies (1)

RE: Wt::Auth in a minimal Linux system - Added by Matthias Van Ceulebroeck 11 days ago

Hello Or,

  1. You'll have to reimplement a couple of items, similar to the approach here: https://redmine.emweb.be/boards/2/topics/11128, although you probably can change a lot of the AuthInfo stuff. I suspect that you will have to do something similar to:

    • add a custom identity that will keep track of the identity that PAM provides
    • implement retrieving this identity from your custom AbstractUserDatabase
    • depending on which UI you want to maintain, you'll also have to change a couple places in AuthModel (as this supposes that username/password is essentially very baked in).
  2. You are certainly able to split this up. You can create two SqlConnections, and in case of the Sqlite3 backend, use the :memory: database, to map the database to memory. In the two instances you can map only the relevant tables you require to these sessions.
    Be mindful when using them that the right session is used for the correct functionality.

I have used this before, nor implemented this approach. I have had similar things pop up, but I suspect that this should provide the rough outline you ought to follow.

Good luck, and let me know if there is anything more I can do for you!

Matthias
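
The split described in point 2 of the reply, as an added sketch that is not part of the thread and is not Wt code: it uses Python's standard `sqlite3` module to show only the storage layout, with the flash-backed credential database opened read-only and all per-login state kept in a `:memory:` database. The table names, the PBKDF2 parameters and the `AuthStore` class are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, sqlite3, time

def kdf(password, salt):
    # PBKDF2 parameters are illustrative, not taken from Wt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def provision(path, users):
    """One-time write to flash: usernames and salted password hashes only."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE cred(name TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    for name, password in users.items():
        salt = os.urandom(16)
        db.execute("INSERT INTO cred VALUES (?,?,?)", (name, salt, kdf(password, salt)))
    db.commit()
    db.close()

class AuthStore:
    def __init__(self, cred_path):
        # Persistent connection is read-only: no login path can write to flash.
        self.cred = sqlite3.connect(f"file:{cred_path}?mode=ro", uri=True)
        # Everything that changes per login lives in RAM and is lost on reboot.
        self.ram = sqlite3.connect(":memory:")
        self.ram.execute("CREATE TABLE token(hash BLOB PRIMARY KEY, name TEXT, expires REAL)")
        self.ram.execute("CREATE TABLE fails(name TEXT PRIMARY KEY, n INTEGER)")

    def login(self, name, password, ttl=900):
        row = self.cred.execute(
            "SELECT salt, hash FROM cred WHERE name=?", (name,)).fetchone()
        salt, want = row if row else (b"\0" * 16, b"")
        # Always run the KDF so unknown users cost the same time as known ones.
        if not hmac.compare_digest(kdf(password, salt), want):
            self.ram.execute("INSERT OR IGNORE INTO fails VALUES (?, 0)", (name,))
            self.ram.execute("UPDATE fails SET n = n + 1 WHERE name=?", (name,))
            return None
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()  # store only the hash
        self.ram.execute("INSERT INTO token VALUES (?,?,?)",
                         (digest, name, time.time() + ttl))
        return token

    def whoami(self, token):
        digest = hashlib.sha256(token.encode()).digest()
        row = self.ram.execute(
            "SELECT name, expires FROM token WHERE hash=?", (digest,)).fetchone()
        return row[0] if row and row[1] > time.time() else None

    def failures(self, name):
        row = self.ram.execute("SELECT n FROM fails WHERE name=?", (name,)).fetchone()
        return row[0] if row else 0
```

Because the credential connection is opened with `mode=ro`, an accidental write from the session-handling code fails with an error instead of silently wearing the flash.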
