Articles in this section

See more

How-to: Add user or edit user's password in SkyFormation webapp

Avatar
Nadav Lavy
  • Updated
Follow

Preface

SkyFormation ships by default with:
a. its own build-in users, roles and passwords management
b. passwords stored as clear-text

For best security we recommend on using an external LDAP/AD for users, roles and passwords management. See: Setting SkyFormation to use your AD/LDAP for authentication.

If such AD/LDAP is not available we recommend on changing the default clear-text based passwords with a more secure hashed passwords by following the guide at:
How-to: Replace the clear-text passwords mechanism with hashed passwords one

This guide assume you are using the default users and roles management mechanism with either
the clear-text or hashed passwords option. 

Adding/Removing a user

  1. SSH to your SkyFormation machine

  2. Find where the Skyformation's conf files folder
    sudo docker volume inspect --format='{{.Mountpoint}}' sk4_conf 

    e.g. /var/lib/docker/volume/sk4_conf/_data

    If your SkyFormation app is SkyFormation OEM edition, you might find the SkyFormation's conf folder in a different location (e.g. /opt/[partner name]/data/sk4)

  3. Make a backup copy to the client-shiro.ini file in the conf folder
    1. sudo cp <sk4 conf folder>/shiro/client-shiro.ini<sk4 conf folder>/shiro/client-shiro.ini.orig
    sudo cp <sk4 conf folder>/shiro/client-shiro.ini<sk4 conf folder>/shiro/client-shiro.ini.orig

  4. Edit the client-shiro.ini file 
    e.g. sudo vi <sk4 conf folder>/shiro/client-shiro.ini

  5. Under the users section, add new row for each user you would like to allow access to
    SkyFormation app (or remove the line with the user you would like to remove access for).

    5.1. Example for SkyFormation instance uses the clear-text password mechanism:

           [USERS]
            sk4admin = thisuserspasswordhere, sk4-admin
                mynewuser=mynewpassword, sk4-admin

            Explanation:
               mynewuser - the new user name 
               mynewpassword - the user's clear text password 
               sk4-admin - the needed role to access the SkyFormation application 

    5.2. Example for SkyFormation instance uses the hashed password mechanism:

           [USERS]
            sk4admin =4f553c2977303e6727e4e6686fc16971cced06a2cc66, sk4-admin
                mynewuser=727e4e6686fc16971cced06a2cc6669a73d9f38942cf, sk4-admin

            Explanation:
               mynewuser - the new user name 
               727e4e6686fc16971cced06a2cc6669a73d9f38942cf - the user's hashed password 
               sk4-admin - the needed role to access the SkyFormation application 

               To generate the new hashed password please refer to:
               How-to: Generate a hashed password for the SkyFormation webapp

  6. When done editing save the changes and exit the editor

  7. Restart the SkyFormation service
    sudo systemctl restart sk4compose

Replacing an existing user's password

  1. SSH to your SkyFormation machine

  2. Find where the Skyformation's conf files folder
    sudo docker volume inspect --format='{{.Mountpoint}}' sk4_conf 

    e.g. /var/lib/docker/volume/sk4_conf/_data

    If your SkyFormation app is SkyFormation OEM edition, you might find the SkyFormation's conf folder in a different location (e.g. /opt/[partner name]/data/sk4)

  3. Make a backup copy to the client-shiro.ini file in the conf folder
    sudo cp <sk4 conf folder>/shiro/client-shiro.ini <sk4 conf folder>/shiro/client-shiro.ini.ori

  4. Edit the client-shiro.ini file 
    e.g. sudo vi <sk4 conf folder>/shiro/client-shiro.ini

  5. Under the users section, add new row for each user you would like to allow access to
    SkyFormation app (or remove the line with the user you would like to remove access for).

    5.1. Example for SkyFormation instance uses the clear-text password mechanism:

           [USERS]
         
           sk4admin = oldpassword, sk4-admin

           Explanation:
               sk4admin - The user you would like its password. Leave as is.
               oldpassword - The password you need to replace with the new one
               sk4-admin - The role of the user you change its password. Leave as-is.

    5.2. Example for SkyFormation instance uses the hashed password mechanism:

           [USERS]

                sk4admin = 2977303e6727e4e6686fc16971cc, sk4-admin

                Explanation:
                sk4admin - The user you would like its password. Leave as is.
                2977303e6727e4e6686fc16971cc - The hashed password you need to replace.
                sk4-admin - The role of the user you change its password. Leave as-is.     
     
                To generate the new hashed password please refer to:
                How-to: Generate a hashed password for the SkyFormation webapp

       
      6. When done editing save the changes and exit the editor

      7. Restart the SkyFormation service
          sudo systemctl restart sk4compose

Done

 

Related articles

Comments

0 comments

Article is closed for comments.