A new parameter LOGIN-MODE
: permits to choose
between the former login method (LEGACY
), the default,
and a new one (USERS
).
The LOGIN-MODE
:LEGACY
keeps
unchanged the use of
PWDU
/PWDA
/PWDS
password for CP
and independent passwords for
TELNET/SSH access.
The LOGIN-MODE
:USERS
integrates CP with SSH and TELNET: the login to
TELNET
/SSH
is made with individual
user/password pair and is automatically inherited by CP. The CP passwords
PWDU
/PWDA
/PWDS
and TELNET/SSH passwords are not used and hidden in configuration. Access
to CP also depends on the new parameter CP-LEVEL
,
please refer to Section 22.3.2, “LOGIN-MODE:USERS access levels”.
An Abilis user named 'super' is
automatically created in the 8.9 configuration (see System Users for more
details) and used just for CP 'SUPERUSER' purposes. It is forcedly
activated when LOGIN-MODE
:USERS
and
it is forcedly deactivated when
LOGIN-MODE
:LEGACY
.
With LOGIN-MODE
:LEGACY
:
[12:52:46] ABILIS_CPX:d user
------------------------+-------------+----------------------------------------
USER PWD ACT|CTIP CLUS |CHAT LDAP PPP FTP HTTP MAIL IAX SIP VO
------------------------+-------------+----------------------------------------
admin NO # # NO YES YES YES YES NO NO NO NO
guest NO # # NO NO NO NO NO NO NO NO NO
super NO # # NO NO NO NO NO NO NO NO NO
With
LOGIN-MODE
:USERS:
[12:53:19] ABILIS_CPX:d user
------------------------+------------------------------------------------------ ------------------------+-------------+---------------------------------------- USER PWD ACT|CTIP CLUS |CHAT LDAP PPP FTP HTTP MAIL IAX SIP VO ------------------------+-------------+---------------------------------------- admin NO # # NO YES YES YES YES NO NO NO NO guest NO # # NO NO NO NO NO NO NO NO NO super YES # # NO NO NO NO NO NO NO NO NO [12:53:23] ABILIS_CPX:d user:super
------------------------------------------------------------------------------- Parameter: | Value: --------------------+---------------------------------------------------------- USER: super REAL-NAME: super <Read Only> ID: 3 <Read Only> PWD: ACT: YES <Read Only> CP-LEVEL: SUPER <Read Only> SSH-IP-PERMIT: * TELNET-IP-PERMIT: * -------------------------------------------------------------------------------
Important | |
---|---|
When changing the LEGACY to USERS [11:47:12] ABILIS_CPX: USERS to LEGACY [12:13:29] ABILIS_CPX: |
The password of user 'super' can be set in two ways:
Entering the real password, as usual.
Entering the password hash previously copied from another
Abilis where the real password was entered. The tool
config.exe
can be used to enter real password
and read the hash.
The password hash let a person to configure the password of 'super' without knowing the real password, so that only the persons that know the real password can access such Abilis as 'super'.
For example person A can set the password (the tool config.exe
can be used),
distribute it's hash to person B and let him to set the password on
another Abilis.
The result is that person B configured the password but only person A can access the Abilis as 'super' because only person A knows the real password.
For example:
Person A sets the password on an Abilis or with config.exe tool. He then copy the hash and distribute it to person B.
[18:11:19] ABILIS_CPX:s user:super pwd:mypassword
COMMAND EXECUTED [18:11:41] ABILIS_CPX:d user:super
... PWD: 1ef94fa4af527f9208965b2eb413da8b434056f49bba961d9b38c4e2d175578c ...
Person B connects to the target Abilis with current 'super' credentials', set the password using the hash, save and exit.
From this moment on only person A can access that Abilis as 'super' because only person A knows the real password.
[18:22:31] ABILIS_CPX:d user:super
... PWD: ... [18:22:43] ABILIS_CPX:s user:super pwd:1ef94fa4af527f9208965b2eb413da8b434056f49bba961d9b38c4e2d175578c
COMMAND EXECUTED [18:22:52] ABILIS_CPX:d user:super
... PWD: 1ef94fa4af527f9208965b2eb413da8b434056f49bba961d9b38c4e2d175578c ...