NI Linux Real-Time Discussions

NIAuth users (like admin) exist in a separare database from system users (like lvuser, webserv, openvpn, sshd, etc) on NI Linux RT, so there are some differences in how you would manage the two sets of accounts:

• NIAuth users can only be managed from the WIF, on the Security Configuration page. There is unfortunately no programmatic API (C, LV, shell, etc) to interface with the database (except for password changes, see below).
• System users are stored in the Linux shadow database and can be managed from the shell via "shadow" utils like useradd, groupadd, usermod, groupmod.

Both the niauth and shadow databases provide a PAM interferce, which implement authentication and password change functions though a standard open API:

• http://www.linux-pam.org/Linux-PAM-html/adg-example.html
  • Many linux tools, like sshd and the login utility, use PAM, which is why you can log in as admin the serial console or via SSH.
• http://docs.oracle.com/cd/E19253-01/816-5172/pam-chauthtok-3pam/index.html
  • The passwd utility in NI Linux RT is configured to use PAM's chauthtok(), which allows changing of niauth user password from the command line. Other user/group management operations can only be done from the WIF.

Staab_Engineering wrote: I want to create a user for remote clients of the Variable Web Service and only allow it the permissions needed by that API.

You might consider using LabVIEW's system imaging VIs to deploy images with pre-configured NIAuth database to your systems.

Alternately, you could also write a script to copy the contents of /etc/natinst/share/niauth/ (niauth's database files) from one hand-configured system to your other targets over SSH. Just be sure to shut down niauth daemon (run `/etc/init.d/niauth stop`) before you do that. The database files are architecture-specific, so don't share them between ARM and x64 systems.