Configure pfSense through xml/rpc
jeanmarieclement last edited by
after some search and tries, i am on my way to try to configure pfSense - well, Squidguard, exactly - through XML/RPC. My goal is to provide 'normal' users with a simple interface to configure internet access for groups of computers. I started my search in this post (16399, http://forum.pfsense.org/index.php/topic,16399.0.html ), then recently found some topics about XML/RPC.
I did some tries which worked with the pfsense.php_eval function.
Ive got some questions.
I am first bothered by the fact that I have to send the admin credentials in plain text over the network (currently using http:80). Is there a particular reason why the password is not crypt()ed on client side of the rpc, and compared to the crypt()ed passwd on server? Would I break something if I would modify the xmlrpc_auth() in this respect?
Then: I plan to have the simple interface on another server, which authenticates users through PHP against an LDAP-Server. When allowed, a webgui allows users to configure access for a group of computer (classroom). Upon validation, the change request is sent to the pfsense server through XML/RPC. Is this approach ok, I mean, feasible and secure?
I'm still not clear, which rpc function I'll have to call. backup/restore_config? exec_shell? exec_php? a new, written by me? If you've any clue, i would be glad…
Thanks in advance,