 |
High Performance OPC UA Server SDK
1.1.0.158
|
|
High Performance OPC UA Server SDK
1.1.0.158
|
The server allows to authenticate users in different manners like username and password or X509 certificate when a session is activated. The user’s credentials are then verified with one of the available authentication backends. Only one backend can be activated at the same time. The following backends are currently available:
To activate a backend, the according backend must be selected using the cmake option UA_AUTHENTICATION_BACKEND. This may enable further backend specific cmake options.
This backend disables authentication and allows everybody with network access to access your server and read/write values. Thus the null backend is generally not recommended and should only be used where public access is denied and the complete network infrastructure and devices are under full control of the administrator.
The internal backend stores usernames and passwords and verifies new sessions against these. Passwords can be either stored as cleartext or as SHA-256 hash with additional salt.
At the start of the server users and passwords can be imported from file, if filesystem support is enabled. One line of the file represents one user and can have the following form:
Cleartext:
SHA-256:
The username, salt and cleartext password may contain any printable characters except ':' and '#'. The hashed password is kept as hexadecimal string, so the password itself may contain any characters.
To easily create and edit the password file, the SDK includes the uapasswd tool.
If using a filesytem is no appropiate solution, users can be directly added from within the code using ua_authentication_add_user.
To generate a salt and to hash the password, the uapasswd tool with the -n option can be used.