Feature #809

Config sync username change

Added by Chris Buechler about 10 years ago. Updated almost 4 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


The username for the config sync user must be 'admin'.

Associated revisions

Revision fb1234ab (diff)
Added by Renato Botelho about 4 years ago

Add specific permission to allow HA XMLRPC sync. It fixes #809


#1 Updated by Jim Pingle about 10 years ago

Looks like it takes the ID of the first user and uses that for XMLRPC sync, and since the admin user can't be renamed, it's locked to that. We may just need an additional field in the settings for the user ID to sync and default to admin if that's blank.

We might also need some way to test to ensure that the userid given has the xmlrpclibrary page permission.

#2 Updated by Jim Pingle over 8 years ago

  • Category changed from CARP to XMLRPC

#3 Updated by Paul Rensing almost 6 years ago

Still a problem. Version 2.1.5

#4 Updated by Antoine Rodriguez over 5 years ago

The bug is still here in version 2.2 64bit.

The "Remote System Username" field into Firewall->Virtual IP->CARP Settings is not used.

If we create another user and set the user inside that field the CARP is unable to authenticate with it's peer giving the following messages :
- From the destination peer :
pfSense php-fpm[77914]: /xmlrpc.php: webConfigurator authentication error for 'admin' from XXX.XXX.XXX.XXX
- From the source peer :
[ An authentication failure occurred while trying to access https://XXX.XXX.XXX.XXX:443 (pfsense.host_firmware_version).]

The only way to do it work is to use the admin user of pfsense.

Best regards

#5 Updated by Manfred Bongard over 5 years ago

Problem still exist Version 2.2.2

#6 Updated by Brett Merrick about 5 years ago

  • Bug #1971 (Rejected): carp sync username not honored
  • Bug #1736 (Closed): Allow other users to be used as authenticator in xmlrpc exchanges

The xmlrpc username is hardcoded to use the username 'admin'.

Inline comments state:

xmlrpc_auth: Handle basic crypt() authentication of an XMLRPC request. This function assumes that
                 $params[0] contains the local system's plaintext password and removes the password from
                 the array before returning it.

XXX: Should teach caller to pass username and use it here.

This would involve modification of every piece of code that interacts with an XML_RPC_Message to include/parse the username. This not an insignificant undertaking in terms of coding and testing. Perhaps disproportionate to the value it would add?

It seems that this work may overlap or be better encompassed by the following:
  • Todo #3734 (New): Update PEAR XML_RPC Client/Server

Some feedback on the value of this option would be useful.

I suspect the sensible interim action would be, as previously suggested, to:

  • remove the username option from the sync configuration to prevent confusion.

I would like to proceed with submitting a pull request to mask the username option if there are no further objections/concerns/suggestions?

#7 Updated by Chris Buechler about 5 years ago

yeah that's fine to remove the username field, no point in having it right now. Pull request welcome. Thanks!

#9 Updated by Renato Botelho about 4 years ago

  • Assignee set to Renato Botelho
  • Target version changed from Future to 2.4.0

#10 Updated by Renato Botelho about 4 years ago

  • % Done changed from 0 to 80

When converting code to XML_RPC2 I implemented a usrename parameter on every xmlrpc method. It's just missing privilege check, that I'll take care now

#11 Updated by Renato Botelho about 4 years ago

  • Status changed from New to Feedback
  • % Done changed from 80 to 100

#12 Updated by Jim Pingle almost 4 years ago

  • Status changed from Feedback to Resolved

Works, can XMLRPC sync so long as the user has the "System - HA node sync" privilege.

Also available in: Atom PDF