Child pages
  • Managing Netmail Store Administrators and Users
Skip to end of metadata
Go to start of metadata


Netmail Store uses two security lists:

  • Administrators can access the Netmail Store Admin Console and change the cluster configuration. Netmail Store administrators can also specify administrative SNMP users who have read-write access to the community password.
  • Operators can view the Netmail Store Admin Console but cannot change the cluster configuration. SNMP users have read-only access to the community password.

Each user list is specified by a name value pair in the following format:

{security.administrators} = {'username':'password', 'username':'password'}
{security.operators} = {'username':'password', 'username':'password'}

Example definition using [section] notation:

[security]
administrators = {'admin':'ourpwdofchoicehere', 'snmp':'ourpwdofchoicehere'}
operators = {'snmp':'public', 'Jane.Smith':'abc123'}

  • SNMP access: SNMP uses a single SNMP user for all access and validates the community string password from the administrators and operators list to determine if the user is allowed read-only or read/write access. The default read-only community password is public.
  • Passwords: Change passwords as soon as possible. Improve security by encrypting the Netmail Store passwords; however, you cannot hash SNMP passwords, due to constraints in the Net-SNMP version used by Netmail Store.

See also: Changing the Administration Password.

Important: The names admin and snmp are reserved, so do not delete them. Deleting these names results in errors and unpredictable performance. If you decide not to use these names, define complex passwords to protect them.

Modifying Administrators without Rebooting

You may modify the list of Administrators and their passwords without rebooting by using several read-write SNMP OIDs. New administrative users can be added and existing users modified with the addModifyAdministrator SNMP OID.

  • To add a new user, include the new user name and password separated by a colon:

addModifyAdministrator = "Jo.Jones:password1"

  • To modify the password for an existing user, include the existing user name and new password separated by a colon:

addModifyAdministrator = "Jo.Jones:password2"

  • To delete administrative users (except the default admin and snmp users), send the name of an admin user to the removeAdministrator SNMP OID:

removeAdministrator = "Jo.Jones"

It can take several minutes for these SNMP changes to propagate in the cluster. During this update window, old passwords and deleted users will continue to work for up to 10 minutes.

Note: Any changes made via SNMP against a running cluster must also be made in the node or cluster configuration file so that any nodes that are offline when the change is made or new nodes added to the cluster after the fact can correctly authenticate cluster-wide actions.

Caution: All administrative users and passwords must agree across all nodes or certain cluster actions will fail.

Encrypting Netmail Store Passwords

Instead of a clear text password, you can also represent the password as a hexadecimal-encoded MD5 hash of the following string:

username:user-list-name:password

where username and password must consist only of ASCII characters and user-list-name can be either CAStor administrator or CAStor operator.

Note: The Netmail Store Administrator and Operator SNMP user passwords must be clear text and cannot be hashed due to constraints in the Net-SNMP version used by Netmail Store.

To create the MD5 hash, use a programming language or a utility such as md5sum or Apache htdigest. Netmail does not recommend a particular utility.

For example, to update your node or cluster configuration file with a password hash you create using htdigest:

1. Create a hash of the user name, password, and user list name.

htdigest -c castor_admins "CAStor administrator" Jo.Jones

2. When prompted by htdigest, enter and confirm the user's password.

3. Open castor_admins in a text editor.

The hash is the last entry in the string:

Jo.Jones:Netmail administrator:08b0468c1d957b7bac24463dd2191a2d

4. Update the security.administrators parameter in your node or cluster configuration file.

security.administrators = {'admin':'ourpwdofchoicehere','Jo.Jones':'08b0468c1d957b7bac24463dd2191a2d'}

5. Save your changes and exit the text editor.

6. Restart the cluster to use the new setting.

Important: Note that the admin user must always be specified in the security.administrators parameter. Be sure to change the password.

Specifying console administrative permissions in the configuration file on one node allows access and control of all other nodes in the cluster when the console is accessed from that node. All nodes must specify the same administrators list to avoid differing permissions by node.

  • No labels

1 Comment

  1. Anonymous


    CÓMO RECIBO UN PRÉSTAMO POR BRYAN ROLAND

    Soy Bryan Roland por su nombre, quiero utilizar este medio para alertar a todos los solicitantes de préstamos a tener mucho cuidado porque hay estafas en todas partes, hace unos meses estaba muy tenso económicamente, y debido a mi desesperación me vi estafado por varios prestamistas en línea.

    Casi había perdido la esperanza hasta que un amigo mío me refirió a un prestamista muy confiable llamado Sr. Stephen Williams (un hombre temeroso de Dios) que me prestó un préstamo de $ 145,000 en 72 horas de trabajo sin ningún estrés. Le explico a la compañía por correo y todo lo que me dijeron fue no llorar más porque obtendré mi préstamo de esta compañía y también he tomado la decisión correcta de contactarlos llené el formulario de solicitud de préstamo y procedí con todo lo que se solicitó de mí y para mi sorpresa me dieron el préstamo.

    Si necesita algún tipo de préstamo, contáctelo ahora a través de: stephenswillsloan@gmail.com

    Estoy usando este medio para alertar a todos los solicitantes de préstamos debido al infierno que pasé en manos de esos prestamistas fraudulentos.

    Gracias, STEPHEN WILLS. Servicio de préstamo por su ayuda.