context getusername is always admin though there is no user admin and PAM enabled

spudukko · ‎04-05-2018

Whenever i get username from service context on Java , it returns admin

I have enabled pam authentication in ncs.conf and there is no aaa enabled and linux box had no user named admin and when i create my service using a user (XYZ) with pam authentication added to ncsadmin , the username from context always returns admin

$ id -u admin

$ id: ‘admin’: no such user

admin@ncs% show aaa

No entries found.

[ok][2018-04-05 15:40:36]

ncs_cli -u xyz

set my service

ncs.conf

<pam>

<service>common-auth</service>

</pam>

here context is obtained from service:

ServiceContextImpl contextImpl = (ServiceContextImpl) context;

String ctxuser=contextImpl.getCurrentDpTrans().getUserInfo().getUserName();

when do a service from ncs_cli using user XYZ , it should give username as XYZ instead of admin ..

I am missing something. Please help me in understanding

Dan.Sullivan · ‎04-10-2018

Hi,

NSO doesn't validate the user/password information when you execute a ncs_cli -u admin. Now if you were to ssh directly to NSO (I believe thats port 2024) then you won't be able to log in. NSO assumes the service its deployed on is secure. Its is expected "normal" NSO users won't access NSO through the ncs_cli command but rather direct ssh or programmatically

-Dan

spudukko · ‎04-10-2018

Hi Dan,

Thanks for replying back. When we create a nso package and we have java logic establishing maapi session towards NSO, under what username is it correct to establish session.

I believe we can use admin or system . Is it possible not to hardcode a username while establishing session and get it dynamically from nso environment.

Regards

Subramanian

Dan.Sullivan · ‎04-10-2018

You should dynamically get the username

-Dan

spudukko · ‎04-10-2018

How to get the username dynamically ?

Dan.Sullivan · ‎04-11-2018

One more question, are you running with a system install or a local install of NSO?

-Dan