Synopsis
--------
-**ganeti-rapi** [-d] [-f] [--no-ssl] [-K *SSL_KEY_FILE*] [-C
-*SSL_CERT_FILE*]
+| **ganeti-rapi** [-d] [-f] [\--no-ssl] [-K *SSL_KEY_FILE*]
+| [-C *SSL_CERT_FILE*] [\--require-authentication]
DESCRIPTION
-----------
``--no-ssl`` option, or alternatively the certificate used can be
changed via the ``-C`` option and the key via the ``-K`` option.
-The daemon will listen to the "ganeti-rapi" tcp port, as listed in the
+The daemon will listen to the "ganeti-rapi" TCP port, as listed in the
system services database, or if not defined, to port 5080 by default.
See the *Ganeti remote API* documentation for further information.
ACCESS CONTROLS
---------------
-All query operations are allowed without authentication. Only the
+Most query operations are allowed without authentication. Only the
modification operations require authentication, in the form of basic
-authentication.
+authentication. Specify the ``--require-authentication`` command line
+flag to always require authentication.
The users and their rights are defined in the
-``@LOCALSTATEDIR@/lib/ganeti/rapi/users`` file. The users
-should be listed one per line, in the following format::
-
- username password options
-
-Currently the *options* field should equal the string ``write`` in
-order to actually give write permission for the given users. Example::
-
- rclient secret write
- guest testpw
-
-The first user (*rclient*) has read-write rights, whereas the second
-user (*guest*) only has read (query) rights, and as such is no
-different than not using authentication at all.
-
-More details (including on how to use hashed passwords) can be found
-in the Ganeti documentation.
+``@LOCALSTATEDIR@/lib/ganeti/rapi/users`` file. The format of this file
+is described in the Ganeti documentation (``rapi.html``).
.. vim: set textwidth=72 :
.. Local Variables:
projects / ganeti-local / blobdiff