Create an account


Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Fedora - Managing user accounts with Cockpit

#1
Managing user accounts with Cockpit

<div style="margin: 5px 5% 10px 5%;"><img src="https://www.sickgaming.net/blog/wp-content/uploads/2019/10/managing-user-accounts-with-cockpit.png" width="1200" height="800" title="" alt="" /></div><div><p>This is the latest in a series of articles on Cockpit, the&nbsp;<a aria-label="first article (opens in a new tab)" href="https://cockpit-project.org/#easy-to-use">easy-to-use</a>,&nbsp;<a aria-label="second (opens in a new tab)" href="https://cockpit-project.org/#integrated">integrated</a>,&nbsp;<a aria-label="third (opens in a new tab)" href="https://cockpit-project.org/#glanceable">glanceable</a>, and&nbsp;<a href="https://cockpit-project.org/#open-ended">open</a>&nbsp;web-based interface for your servers. In the <a rel="noreferrer noopener" aria-label="first article (opens in a new tab)" href="https://fedoramagazine.org/cockpit-and-the-evolution-of-the-web-user-interface/" target="_blank">first article</a>, we introduced the web user interface. The <a rel="noreferrer noopener" aria-label="second (opens in a new tab)" href="https://fedoramagazine.org/performing-storage-management-tasks-in-cockpit/" target="_blank">second</a> and <a rel="noreferrer noopener" aria-label="third (opens in a new tab)" href="https://fedoramagazine.org/managing-network-interfaces-and-firewalld-in-cockpit/" target="_blank">third</a> articles focused on how to perform storage and network tasks respectively.</p>
<p>This article demonstrates how to create and modify local accounts. It also shows you how to install the 389 Directory Server add-on (or plugin). Finally, you’ll see how 389 DS integrates into the Cockpit web service.</p>
<h2>Managing local accounts</h2>
<p>To start, click the <strong>Accounts</strong> option in the left column. The main screen provides an overview of local accounts. From here, you can create a new user account, or modify an existing account.</p>
<figure class="wp-block-image"><img src="https://www.sickgaming.net/blog/wp-content/uploads/2019/10/managing-user-accounts-with-cockpit.png" alt="Accounts screen overview in Cockpit" class="wp-image-29439" /><figcaption>Accounts screen overview in Cockpit</figcaption></figure>
<h3>Creating a new account in Cockpit</h3>
<p>Cockpit gives sysadmins the ability to easily create a basic user account. To begin, click the <strong>Create New Account</strong> button. A box appears, requesting basic information such as the full name, username, and password. It also provides the option to lock the account. Click <strong>Create<mark class="annotation-text annotation-text-yoast" id="annotation-text-67c391fb-4728-4e72-8db9-a1a5020bf101"></mark></strong> to complete the process. The example below creates a new user named <em>Demo User</em>.</p>
<figure class="wp-block-image"><img src="https://www.sickgaming.net/blog/wp-content/uploads/2019/10/managing-user-accounts-with-cockpit.gif" alt="Creating a local account in Cockpit" class="wp-image-29434" /><figcaption>Creating a local account in Cockpit</figcaption></figure>
<h3>Managing accounts in Cockpit</h3>
<p>Cockpit also provides basic management of local accounts. Some of the features include elevating the user’s permissions, password expiration, and resetting or changing the password.</p>
<h3>Modifying an account</h3>
<p>To modify an account, go back to the accounts page and select the user you wish to modify. Here, we can change the full name and elevate the user’s role to Server Administrator — this adds user to the <em>wheel</em> group. It also includes options for access and passwords.</p>
<p>The <strong>Access</strong> options allow admins to lock the account. Clicking <strong>Never lock account</strong> will open the “Account Expiration” box. From here we can choose to Never lock the account, or to lock it on a scheduled date.</p>
<h4>Password management</h4>
<p>Admins can choose to <strong>Set password</strong> and <strong>Force Change</strong>. The first option prompts you to enter a new password. The second option forces users to create a new password the next time they login. </p>
<p>Selecting the <strong>Never change password</strong> option opens a box with two options. The first is <strong>Never expire the password</strong>. This allows the user to keep their password without the need to change it. The second option is <strong>Require Password change every … days</strong>. This determines the amount of days a password can be used before it must be changed.</p>
<h4>Adding public keys</h4>
<p>We can also add public SSH keys from remote computers for password-less authentication. This is equivalent to the <em>ssh-copy-id</em> command. To start, click the <strong>Add Public Key</strong> (<strong>+</strong>) button. Finally, copy the public key from a remote machine and paste it into the box.</p>
<p>To remove the key, click the remove (-) button to the right of the key.</p>
<h4>Terminating the session and deleting an account</h4>
<p>Near the top right-corner are two buttons: <strong>Terminate Session</strong>, and <strong>Delete</strong>. Clicking the <strong>Terminate Session</strong> button immediately disconnects the user. Clicking the <strong>Delete</strong> button removes the user and offers to delete the user’s files with the account.</p>
<figure class="wp-block-image"><img src="https://www.sickgaming.net/blog/wp-content/uploads/2019/10/managing-user-accounts-with-cockpit-1.gif" alt="Modifying and deleting a local account with Cockpit" class="wp-image-29435" /><figcaption>Modifying and deleting a local account with Cockpit</figcaption></figure>
<h2>Managing 389 Directory Server</h2>
<p>Cockpit has a plugin for managing the <a rel="noreferrer noopener" aria-label="389 Directory Service (opens in a new tab)" href="https://directory.fedoraproject.org/" target="_blank">389 Directory Service</a>. To add the 389 Directory Server UI, run the following command <a href="https://fedoramagazine.org/howto-use-sudo/">using sudo</a>:</p>
<pre class="wp-block-preformatted">$ sudo dnf install cockpit-389-ds</pre>
<p>Because of the enormous number of settings, Cockpit provides detailed optimization of the 389 Directory Server. Some of these settings include:</p>
<ul>
<li><strong>Server Settings</strong>: Options for server configuration, tuning &amp; limits, SASL, password policy, LDAPI &amp; autobind, and logging.</li>
<li><strong>Security</strong>: Enable/disable security, certificate management, and cipher preferences.</li>
<li><strong>Database</strong>: Configure the global database, chaining, backups, and suffixes. </li>
<li><strong>Replication</strong>: Pertains to agreements, Winsync agreements, and replication tasks.<mark class="annotation-text annotation-text-yoast" id="annotation-text-32c139be-02ab-493b-8c86-720abe508099"></mark></li>
<li><strong>Schema</strong>: Object classes, attributes, and matching rules.</li>
<li><strong>Plugins</strong>: Provides a list of plugins associated with 389 Directory Server. Also gives admins the opportunity to enable/disable, and edit the plugin.</li>
<li><strong>Monitoring</strong>: Shows database performance stats. View DB cache hit ratio and normalized DN cache. Admins can also configure the amount of tries, and hits. Furthermore, it provides server stats and SNMP counters.</li>
</ul>
<p>Due to the abundance of options, going through the details for 389 Directory Server is beyond the scope of this article. For more information regarding 389 Directory Server, visit their <a rel="noreferrer noopener" aria-label="389 Directory Server Documentation (opens in a new tab)" href="https://directory.fedoraproject.org/docs/389ds/documentation.html" target="_blank">documentation</a> site.</p>
<figure class="wp-block-image"><img src="https://www.sickgaming.net/blog/wp-content/uploads/2019/10/managing-user-accounts-with-cockpit-2.gif" alt="Managing 389 DS with Cockpit" class="wp-image-29436" /><figcaption>Managing 389 Directory Server with Cockpit</figcaption></figure>
<p>As you can see, admins can perform quick and basic user management tasks. However, the most noteworthy is the in-depth functionality of the 389 Directory Server add-on.</p>
<p>The next article will explore how Cockpit handles software and services.</p>
<hr class="wp-block-separator" />
<p><em>Photo by&nbsp;</em><a href="https://unsplash.com/@daniilvnoutchkov?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText"><em>Daniil Vnoutchkov</em></a><em>&nbsp;on&nbsp;<a href="https://unsplash.com/s/photos/cockpit?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Unsplash</a></em>.</p>
</div>


https://www.sickgaming.net/blog/2019/10/...h-cockpit/
Reply



Forum Jump:


Users browsing this thread:
1 Guest(s)

Forum software by © MyBB Theme © iAndrew 2016