Author Topic: web ui login without mios account  (Read 3932 times)

Offline oscarmax

  • Sr. Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
web ui login without mios account
« on: May 10, 2013, 04:30:59 pm »
Hi,

I want to turn of the local password request when someone inside my network tries to access my vera lite. I know that it isn't secure but if someone have hacked into my wifi Im pretty sure he can hack
my vera aswell.

I've read that turning on local password is done by mios account and I refuse to link or setup my vera to external server - horrified that this isn't an option to turn off.

I guess some ppl have done this by just editing the lighttpd.conf so not having the time to do the trial and error approach I hope ppl here has the correct way ready and tested?


Offline garrettwp

  • Beta Testers
  • Master Member
  • *****
  • Posts: 6371
  • Karma: +227/-128
  • Vera 3, Lite, ISY994
Re: web ui login without mios account
« Reply #1 on: May 10, 2013, 05:23:23 pm »
The only way you can do this is like you mentioned, you'll need to manual edit the lighttpd and generate the password file. Instructions can be found on the forum using the search function. I wrote a guide also allowing for https access that is on the forum as well.

- Garrett

Offline oscarmax

  • Sr. Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
Re: web ui login without mios account
« Reply #2 on: May 10, 2013, 08:27:17 pm »
Jupp found the post and it did the trick.

thanks.

like your Android app btw.

Offline garrettwp

  • Beta Testers
  • Master Member
  • *****
  • Posts: 6371
  • Karma: +227/-128
  • Vera 3, Lite, ISY994
Re: web ui login without mios account
« Reply #3 on: May 10, 2013, 09:12:11 pm »
Glad you were able to figure it out. And thank you.

- Garrett

Offline waldo22

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
Re: web ui login without mios account
« Reply #4 on: March 24, 2014, 12:58:01 am »
Jupp found the post and it did the trick.

Here is the post in question, I think.

Since this comes up in Google when searching for "veralite password without mios", I thought I would supply the link and save others some searching.

I am currently using my VeraLite with SSL and a wildcard SSL certificate (which secures anything.mydomain.com) thanks to garrettwp's excellent instructions here.

The only thing I had to do to get it to work with a trusted CA certificate (that you don't have to do with Apache) is to "sign" your certificate with your private key file, creating a .pem file.
Code: [Select]
cat myPrivateKey.key mySSLcertificate.crt > mySignedCertificate.pem
...so 2x thank you to garrettwp!

This should mean I can send commands directly to the Vera over the public Internet with a Perl script using only port 443, and not have to expose port 3480 and Lua vulnerabilities, and actually have it secured with a password, and not have to worry about said password being transmitted in plain-text over the public Internet.

So I can open an address like:
Code: [Select]
https://myhouse.mydomain.com/port_3480/data_request?id=action&output_format=json&DeviceNum=3&serviceId=urn:micasaverde-com:serviceId:DoorLock1&action=SetTarget&newTargetValue=0 ...and presumably pass the user and password parameters and have secure remote access.

-Wes