4.2. Related principles
4.2.1. Authentication mode
A user can be authenticated in two different ways:
Username/password
SSH key
Important
Simultaneously connecting several accounts is not possible.
4.2.2. Password management
The current account manages its own password and potentially other accounts as well.
Details are provided in the table below:
User |
can change the password |
||
|---|---|---|---|
setup |
gviewadm |
gview |
|
setup |
X |
X |
X |
gviewadm |
X |
X |
|
gview |
X |
||
The show passwords command enables displaying the list of users managed by the current level.
The set passwords command enables changing the password managed by the current level.
4.2.3. Password management policy
The passwords entered must comply with the password management policy.
The default policy is as follows:
Criteria |
Default value |
|---|---|
Number of different characters for a password to be considered as different |
2 |
Minimum password length |
12 characters |
Presence of at least one lower case letter |
yes |
Presence of at least one lower case letter |
yes |
Presence of at least one capital letter |
yes |
Presence of at least one digit (0 to 9) |
yes |
Presence of at least one symbol (i.e. neither a number nor a letter) |
yes |
This policy is:
Viewable via the show password-policy command
Modifiable via the set password-policy command
4.2.4. SSH key
Authenticating SSH connections to administer GCap can be done via an SSH key.
All SSH keys authorised for an account and the list of different types of encryption are defined via the set ssh-keys command.
This mode is to be preferred to the user name/password pair.
Indeed, it enables defining a key per employee, thus ensuring traceability of connections and accountability of actions.
4.2.5. Rights associated with each account
The rights assigned to each account are listed in the presentation of each account.