we’re developing measuring devices for customers with different authentication methods.
It should be possible to connect with http Basic or Client certs. GenieACS does not have to check the Client cert.
Is it possible? The central Parameter cwmp.auth in admin/config is active for all cpes, isn’t it?
The ACS has not to handle the client cert. But is it possible that the ACS handles clients
with HTTP-Basic auth and clients without auth at the same time?
Let us forget the authentication with client cert.
The first client HTTP authenticated client uses HTTP basic credentials: “unique_username” / “secret_password”
The second client doesn’t use a authentication method.
Is this possible?
Just to remind: Our GenieAcs is not a productive system. We develop measuring devices
for different customers/providers which use TR-069 for provisioning their clients.
That’s not trivial. How GenieACS could be capable of detecting whether a client, from any source network address, requesting the same resource (the CWMP API) at the same URL needs to be challenged for HTTP basic auth or not? I think this could be easier if you put the single GenieACS instance behind some kind of authentication proxy, doing TLS auth or HTTP auth on distinct ACS URLs.