DALI supports restricting access to channels to requests that are accompanied by a username and password. This information is transmitted with the request using standard HTTP Basic Authentication, which encodes the credentials (Base64) to conceal them from casual observation but does not encrypt them, so they are vulnerable to interception if the client or server is on an untrusted network.
The usernames and passwords are stored in a standard Unix password file, which contains pairs of usernames and Unix crypt() hashed passwords separated by colons. Although the passwords are stored as crypt() hashes rather than in clear text, they are vulnerable to brute-force guessing, so the password file should be protected from access by untrusted users. This file can be managed by the htpasswd program, which is included in the /usr/local/dali/bin directory. The htpasswd command supports multiple password encryption options, but only the default crypt option is supported by DALI.
To add a new user to the default DALI password file, type the following command from the /usr/local/dali/bin directory. You can also use this command to change the password associated with a user.
htpasswd /usr/local/dali/etc/passwd myuser
mypassword
To remove users you can simply edit the passwd file and delete the line for that user.
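The following audit script is an added example, not part of DALI or its manual. It checks a password file such as /usr/local/dali/etc/passwd for the two risks described above: access by untrusted users, and entries written with an htpasswd option other than the default crypt. It assumes "default crypt" means the traditional 13-character DES crypt format; the function names and the sample file are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Assumption: "default crypt" is the traditional 13-character DES crypt
# format (2 salt characters + 11 hash characters from [./0-9A-Za-z]).
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

def audit_passwd(path):
    """Return a list of findings for a username:hash password file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other permission bit
        findings.append(f"file mode {mode:04o} grants group/other access")
    seen = set()
    with open(path, encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.rstrip("\n")
            if not line:
                continue
            user, sep, pwhash = line.partition(":")
            if not sep or not user:
                findings.append(f"line {lineno}: not in username:hash form")
                continue
            if user in seen:
                findings.append(f"line {lineno}: duplicate user {user!r}")
            seen.add(user)
            if pwhash.startswith(("$apr1$", "{SHA}")):  # htpasswd MD5 / SHA output
                findings.append(f"line {lineno}: {user!r} uses a non-crypt htpasswd format")
            elif not DES_CRYPT.match(pwhash):
                findings.append(f"line {lineno}: {user!r} hash is not 13-char crypt")
    return findings

def demo():
    # Constructed sample file; the hashes are placeholders, not real ones.
    sample = ("alice:abCDEFGHIJKLM\nbob:$apr1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA\n"
              "carol\nalice:cdEFGHIJKLMNO\n")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "passwd")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)  # deliberately too permissive
        return audit_passwd(path)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

To audit a real installation, call audit_passwd() with the path to the password file; an empty list means no findings.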
See the configuration section of the manual for information on restricting channel access to valid users.
Group-based authentication is not yet supported by DALI but will be included soon.