Manage Local Users

Add Local User

1. Go to Security :: Local Accounts.
2. Click Add (displays dialog).
    
   
   
3. Enter Username.
4. On the Account Type menu, select one.
   • Regular Account radio button (expands dialog).
      
     
     
     • Enter Password and Confirm Password (If the password is in a hash format, select the Hash Format Password checkbox.).
       Alternatively, select Require password change at the login time checkbox.
       
       
       Note:

       Set the password based on the rules defined under the Security :: Password Rules tab. You can change the rules from the same tab.
   • API Account radio button
     • An API Account will only have access to API requests (not CLI nor WebUI). The API Key can be used directly for API requests authentication in any endpoint, using the api_key and username headers instead of authenticating to get a ticket and then using the ticketheader. For example:
       ShellShell

       curl -X GET "https://nodegrid/api/v1/system/preferences" \
           -H "accept: application/json" -H "Content-Type: application/json" \
           -H "api_key: 0PPEC37CuhKJ68fHEh+ihfjh7nW0tZfDAg==" \
           -H "username: myapiuser" -k

     • To turn the user into an API Account, select the API Account option. The API Key will be automatically generated and displayed.
     • On the API Key, follow this instruction: "Copy and store the API Key as it will not be possible to recover it after clicking on Save button."
5. (optional) Account Expiration Date (YYYY-MM-DD).
6. On the User Group panel, select from the left-side panel, and click Add► to move to the right-side panel. To remove from the right-side panel, select, and click ◄Remove.
7. Click Save.

Edit Local User

1. Go to Security :: Local Accounts.
2. Locate and select checkbox next to username. 
3. Click Edit (displays dialog).
4. Make changes as needed.
5. Click Save.

Delete Local User

1. Go to Security :: Local Accounts.
2. Locate and select checkbox next to username. 
3. Click Delete.
4. On the confirmation dialog, click OK.

Lock Local User

The administrator can lock a user out of the device. 

1. Go to Security :: Local Accounts.
2. Locate and select checkbox next to username. 
3. Click Lock (locks user out of device).

Unlock Local User

As needed, the administrator can unlock a user. 

1. Go to Security :: Local Accounts.
2. Locate and select checkbox next to username. 
3. Click Unlock (allows user access)

There is a function whereby the user is authorized by an external authentication provider (LDAP, AD, or TACACS+) and the Local user account is locked. The user can authenticate with the sshkey, but permissions are enforced based on his group permissions with the external authentication provider.

Hash Format Password

As needed, the administrator can use a hash format password, rather than plain password. This can be used for scripts (avoids requiring scripts to use actual user passwords). The hash password must be generated separately beforehand. Use a hash password generator. These applications (OpenSSL, chpasswd, mkpasswd) use MD5, SHA256, SHA512 engines.

Hash Format

CLI Procedure

The Nodegrid Platform has an OpenSSL version. In the Console, use this:

root@nodegrid:~# openssl passwd -1 -salt mysall
Password:
$1$mysall$YBFr9On0wjde5be32mC1g1

Generate a new API key for a User

In the Type column, the user must have a value of API.

1. Go to Security :: Local Accounts.
2. Locate and click the user’s name – Type column must be API (displays dialog). (Alternatively, select checkbox and click Edit.) 
3. Click Reset API Key.
   IMPORTANT

   The new key is displayed in the API Key field. Copy the key and save in a secure location.
4. Click Save.