September 18, 2007 at 2:52 pm #40780
Is there a way to specify multiple users as “admin” users?
I’m asking because we just set up Zeroshell at my work and having a single admin user is a stumbling block to coverting clients to WPA Enterprise security. We can essentially only convert one client at a time right now, even if we have two or three people available to do the job. As it stands, if another user logs in as “admin”, the previous user logged in as “admin” is kicked out.
PaulSeptember 26, 2007 at 2:24 pm #45885
Is this a feature for the future?September 26, 2007 at 4:38 pm #45886
Paul, it is not easy for me to allow multiple admin’s session. This is because the Zeroshell scripts do not use a lock system.
I do not think to implement this feature in the near future.
FulvioSeptember 28, 2007 at 12:28 pm #45887
I can understand the reasoning behind that and truthfully multiple admins alone wouldn’t solve one issue that we have.
Is there any way to add/edit/delete users other than through the web interface?
The reason I’m asking this is because two different groups of people at my workplace are responsible for different portions of zeroshell. Our security group is responsible for adding/editing/deleting users. Our network operations department is responsible for the access points and troubleshooting and typically has the user set their own password at the time of the installation (after the user has been added by the security department).
Network Operations really does not want the Security department to have access to anything but the user add/edit/delete portion, as they should not need access to anything else.
This has only become a problem now that we’ve actually switched everyone over to WPA Enterprise security using Zeroshell (which was done entirely by the Network Operations group) and it’s about time to hand things over to the Security department. We’d like to provide them with the cleanest, easiest way to do just the portion of the job that they require. If we can accomplish this through another user interface, that would be fine. It would probably also solve the potential issue of someone in the Security group logging into Zeroshell for user maintenance and knocking someone in the Network Operations group out.
Any ideas on what we could do to accomplish our goal?
PaulSeptember 28, 2007 at 6:17 pm #45888
To create /manage user or host accounts you need to create/manage LDAP and Kerberos 5 entries. Therefore, you could use ldapadd/ldapmodify (OpenLDAP) and the kadmin (Kerberos 5 MIT) to remotely manage Zeroshell.
The next week I am going to make a Bash script to remotely create/modify user account.
By using such script, you could create a web interface with PHP or CGI technique to administer Zeroshell without the problem of the limit on the number of admin sessions.
You must be logged in to reply to this topic.