Hi,
I’m setting up some basic RPC authentication. Maybe I’m not including something I should, but following the documentation it doesn’t seem so.
I added the rpc_auth file and configured rpc.auth_domain and rpc.auth_file; nothing changed and I could access all RPCs.
Then I added the rpc_acl file and configured rpc.acl_file; then it started to work.
Since in the doc both actions are under different subjects, and the text says “RPCs that are authenticated, could be checked”, I naively thought that when there is no ACL, the authentication would still take place and all valid users would get access to RPCs, with no access otherwise.
Unless I’m missing something, both authentication and authorization must be configured
