Preface
SkyFormation ships by default with:
a. its own build-in users, roles and passwords management
b. passwords stored as clear-text
For best security we recommend on using an external LDAP/AD for users, roles and passwords management. See: Setting SkyFormation to use your AD/LDAP for authentication.
If such AD/LDAP is not available we recommend on changing the default clear-text based passwords with a more secure hashed passwords by following the guide at:
How-to: Replace the clear-text passwords mechanism with hashed passwords one
This guide assume you are using the default users and roles management mechanism with either
the clear-text or hashed passwords option.
Adding/Removing a user
- SSH to your SkyFormation machine
- Find where the Skyformation's conf files folder
sudo docker volume inspect --format='{{.Mountpoint}}' sk4_conf
e.g. /var/lib/docker/volume/sk4_conf/_data
If your SkyFormation app is SkyFormation OEM edition, you might find the SkyFormation's conf folder in a different location (e.g. /opt/[partner name]/data/sk4) - Make a backup copy to the client-shiro.ini file in the conf folder
sudo cp <sk4 conf folder>/shiro/client-shiro.ini<sk4 conf folder>/shiro/client-shiro.ini.orig
sudo cp <sk4 conf folder>/shiro/client-shiro.ini<sk4 conf folder>/shiro/client-shiro.ini.orig
- Edit the client-shiro.ini file
e.g. sudo vi <sk4 conf folder>/shiro/client-shiro.ini
- Under the users section, add new row for each user you would like to allow access to
SkyFormation app (or remove the line with the user you would like to remove access for).
5.1. Example for SkyFormation instance uses the clear-text password mechanism:
[USERS]
sk4admin = thisuserspasswordhere, sk4-admin
mynewuser=mynewpassword, sk4-admin
Explanation:
5.2. Example for SkyFormation instance uses the hashed password mechanism:
mynewuser - the new user name
mynewpassword - the user's clear text password
sk4-admin - the needed role to access the SkyFormation application
[USERS]
sk4admin =4f553c2977303e6727e4e6686fc16971cced06a2cc66, sk4-admin
mynewuser=727e4e6686fc16971cced06a2cc6669a73d9f38942cf, sk4-admin
Explanation:
To generate the new hashed password please refer to:
mynewuser - the new user name
727e4e6686fc16971cced06a2cc6669a73d9f38942cf - the user's hashed password
sk4-admin - the needed role to access the SkyFormation application
How-to: Generate a hashed password for the SkyFormation webapp - When done editing save the changes and exit the editor
- Restart the SkyFormation service
sudo systemctl restart sk4compose
Replacing an existing user's password
- SSH to your SkyFormation machine
- Find where the Skyformation's conf files folder
sudo docker volume inspect --format='{{.Mountpoint}}' sk4_conf
e.g. /var/lib/docker/volume/sk4_conf/_data
If your SkyFormation app is SkyFormation OEM edition, you might find the SkyFormation's conf folder in a different location (e.g. /opt/[partner name]/data/sk4) - Make a backup copy to the client-shiro.ini file in the conf folder
sudo cp <sk4 conf folder>/shiro/client-shiro.ini <sk4 conf folder>/shiro/client-shiro.ini.ori
- Edit the client-shiro.ini file
e.g. sudo vi <sk4 conf folder>/shiro/client-shiro.ini
- Under the users section, add new row for each user you would like to allow access to
SkyFormation app (or remove the line with the user you would like to remove access for).
5.1. Example for SkyFormation instance uses the clear-text password mechanism:
[USERS]
sk4admin = oldpassword, sk4-admin
Explanation:
5.2. Example for SkyFormation instance uses the hashed password mechanism:
sk4admin - The user you would like its password. Leave as is.
oldpassword - The password you need to replace with the new one
sk4-admin - The role of the user you change its password. Leave as-is.
[USERS]
sk4admin = 2977303e6727e4e6686fc16971cc, sk4-admin
Explanation:
sk4admin - The user you would like its password. Leave as is.
2977303e6727e4e6686fc16971cc - The hashed password you need to replace.
sk4-admin - The role of the user you change its password. Leave as-is.
To generate the new hashed password please refer to:
How-to: Generate a hashed password for the SkyFormation webapp
6. When done editing save the changes and exit the editor
7. Restart the SkyFormation service
sudo systemctl restart sk4compose
Done
Comments
0 comments
Article is closed for comments.