How to make root to a SDM admin user
By rhierlmeier on Jun 27, 2008
The basic security infrastructure of a Hedeby system is created during the execution
sdmadm install_master_host command. It creates private keys for
the CA, for all daemons and for the
sdm_admin user. However the
root user is not an admin user. The private keys and certifcates are not
created automatically. Hence this user can not use sdmadm commands without password.
However it is possible to create the certificates and private keys manually.
First off all user root must be an admin user. Only admin users can access the Hedeby system. This step has to be executed as sdm_admin user.
# su - sdm_admin % sdmadm add_admin_user -au root Admin user "root" added %
After adding the user root to the admin user list, root can invoke any sdmadm command if the global option -ppw (prompt password) is specified. sdmadm will ask interactively for username and password.
For password less authentication the private keys and certificate for user root must be created. This can be done with the
sdmadm add_admin_user_certcommand. This command can now be executed as user root, it is an admin user. However a password must be provided:
# sdmadm -ppw add_admin_user_cert -e email@example.com -au root username [root] >> password > Private key and certificate for user, root, succesfully created
The private credentials and the certificate for the user root has now been created. The are known in the certificate authority on the master host. The final step is exporting this information into a keystore and transfer it to the host where root wants invoke the sdmadm command:
# sdmadm -ppw update_keystore -n root -t user username [root] > password > The specified keystore has been exported to the file /var/spool/sdm/s1/security/users/root.keystore
# cd var/spool/sdm/s1/security/users # ls -l total 8 -rw------- 1 sdm_admin root 3083 2008-06-24 13:25 sdm_admin.keystore -rw------- 1 root root 3073 2008-06-27 10:33 root.keystore