4.2. Related principles
4.2.1. Authentication mode
A user can be authenticated in two different ways :
Username/password
SSH key
Important
Simultaneously connecting several accounts is not possible.
4.2.2. Password management
The current account manages its own password and potentially other accounts as well.
Details are provided in the table below:
User |
can change the password |
||
|---|---|---|---|
setup |
gviewadm |
gview |
|
setup |
X |
X |
X |
gviewadm |
X |
X |
|
gview |
X |
||
The show passwords command enables displaying the list of users managed by the current level.
The set passwords command enables changing the password managed by the current level.
4.2.3. Password management policy
The passwords entered must comply with the password management policy.
The default policy is as follows:
Criteria
Default value
2
Minimum password length
12 characters
At least one lower case letter
yes
At least one lower case letter
yes
Presence of at least one capital letter
yes
Presence of at least one digit (0 to 9)
yes
Presence of at least one symbol (i.e. neither a number nor a letter)
yes
This policy is:
Viewable via the show password-policy command
Modifiable via the set password-policy command
4.2.4. SSH key
Authenticating SSH connections to administer GCap can be done via an SSH key.
All SSH keys authorized for an account and the list of different types of encryption are defined via the set ssh-keys command.
This mode is to be preferred to the user name/password pair.
Indeed, it enables defining a key per employee, thus ensuring traceability of connections and accountability of actions.
4.2.5. Rights associated with each account
The rights assigned to each account are listed in the presentation of each account.