The .csipasswd file

Basic access authentication was implemented in the form of an encrypted password file named .csipasswd. It defines read/write access to the web interface. A file named .csipasswd is stored, and hidden, on the data logger CPU drive. Multiple user accounts with differing levels of access can be defined for one data logger. Four levels of access are available:

  • Anonymous: Read-only access. This account cannot be removed, but privileges can be disabled.

  • Read Only: Data collection is unrestricted. Clock and writable variables cannot be changed. Programs cannot be viewed, stopped, deleted, or retrieved.

  • Read/Write: Data collection is unrestricted. Clock and writable variables can be changed. Programs cannot be viewed, stopped, deleted, or retrieved.

  • All (Administrator): Data collection is unrestricted. Clock, writable variables and settings can be changed. Programs can be viewed, stopped, deleted, and retrieved. Hidden tables can be viewed. Files, including programs can be sent to the data logger.

NOTE:

All levels of access allow data collection.

Starting with OS version 13.0, the .csipasswd file must be updated with Device Configuration Utility. The data logger will no longer accept .csipasswd files sent with web API commands or from the RTMC Web Publisher. If you are using the RTMC Web Publisher to publish directly to a data logger you will now need to configure the .csipasswd with Device Configuration Utility.

NOTE:

Ethernet over USB (RNDIS) is considered a direct communications connection. Therefore, it is a trusted connection and Administrator privileges are automatically granted for all functionality (csipasswd does not apply).

Create an encrypted password file or modify an existing password file using Device Configuration Utility:

  1. Connect to your device in ClosedDevice Configuration Utility Software tool used to set up data loggers and peripherals, and to configure PakBus settings before those devices are deployed in the field and/or added to networks. Also called DevConfig..

  2. Click the Network Services tab, then the Edit .csipasswd File button.

  3. Define user accounts and access levels.

  4. Click Apply. The .csipasswd file is automatically saved to the data logger CPU drive.

When access to the data logger web interface is attempted without the appropriate security level, the data logger will prompt for a username and password. If an invalid username or password is entered, the data logger will default to the level of access assigned to “anonymous”. As noted previously, anonymous is assigned a user level of read-only, though this can be changed using Device Configuration Utility.

When a .csipasswd file is used, the PakBus/TCP Password security setting is not used when accessing the data logger via HTTP.

CAUTION:

The .csipasswd file is not reset or deleted when setting the data logger back to factory defaults or formatting the CPU drive.

Deprecated API functionality

Starting with OS version 13.0, the .csipasswd file must be updated with Device Configuration Utility. The data logger will no longer accept .csipasswd files sent with web API commands or from the RTMC Web Publisher.

See the CRBasic Editor help for information about the data logger web server and API commands: https://help.campbellsci.com/crbasic/cr6/#Info/webserverapicommands1.htm .