a29d5a76f2
Replaced note updated patchset 3 comments Updated patchset 2 comments and added an additional note Updated Patchset 1 comments and added an additional note Change-Id: Icf617e27827e263a1b71155e76eb671f12d254cf Signed-off-by: Juanita Balaraj <juanita.balaraj@windriver.com>
2.0 KiB
Linux User Accounts
A brief description of the system accounts available in a system.
- Sysadmin Local Linux Account
-
This is a local, per-host, sudo-enabled account created automatically when a new host is provisioned. It is used by the primary system administrator for , as it has extended privileges.
See
The sysadmin Account <the-sysadmin-account>for more details. - Local Linux User Accounts
-
Local Linux User Accounts should NOT be created since they are used for internal system purposes.
- Local LDAP Linux User Accounts
-
These are local LDAP accounts that are centrally managed across all hosts in the cluster. These accounts are intended to provide additional admin level user accounts (in addition to sysadmin) that can SSH to the nodes of the and/or access its Kubernetes cluster.
See
Local LDAP Linux User Accounts <local-ldap-linux-user-accounts>andManage Composite Local LDAP Accounts at Scale <manage-local-ldap-39fe3a85a528>for more details.Note
For security reasons, it is recommended that ONLY admin level users be allowed to to the nodes of the . Non-admin level users should strictly use remote or remote web GUIs.
For more information, refer to the following:
the-sysadmin-account local-ldap-linux-user-accounts create-ldap-linux-accounts create-ldap-linux-groups-4c94045f8ee0 delete-ldap-linux-accounts-7de0782fbafd remote-access-for-linux-accounts password-recovery-for-linux-user-accounts local-ldap-user-password-expiry-mechanism-eba5d34abbd4 estabilish-credentials-for-linux-user-accounts establish-keystone-credentials-from-a-linux-account starlingx-openstack-kubernetes-from-stsadmin-account-login kubernetes-cli-from-local-ldap-linux-account-login manage-local-ldap-39fe3a85a528