Send netdisco-users mailing list submissions to
netdisco-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
netdisco-users-requ...@lists.sourceforge.net
You can reach the person managing the list at
netdisco-users-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."
Today's Topics:
1. Local admin account (Dean, Barry)
2. Re: Local admin account (Oliver Gorwits)
--- Begin Message ---
I am being asked to implement a strict password policy on any local admin
accounts. I am wondering how I can do this with the default built-in admin
account on NetDisco.
It's the only local account we have; all others use TACACS+.
1. Can I rename the default account?
2. Can I disable or delete the default admin account?
3. Can I make the default account use TACACS+? Obviously for recovery if
TACACS+ was ever down, we'd have a problem..
Password policy would be all the usual... Length, complexity, history, expiry
etc. Obviously not needed if the local account is made non-local or deleted!
Barry Dean
Network Team, University of Liverpool
--- End Message ---
--- Begin Message ---
Hi Barry
Great question! I reckon you should be fine with the policy and Netdisco.
The admin account is only used by humans in the web interface. Here are
some notes, to help:
The netdisco-deploy script checks for the existence of one account with
admin privileges and will nag to create one if missing. So, you can't
remove it (or you can, but will be nagged by netdisco-deploy next time you
upgrade). Submit a feature ticket if you want to make the nagging optional;
we could have a setting to override.
The name "admin" is not special. You can have users with admin privileges
called anything, and indeed assign admin privileges to any account(s).
Yes, you should be able to have an account with admin privileges via TACACS+
as you need to create the accounts in Netdisco matching the TACACS+
accounts anyway - just add the admin rights checkbox. For recovery you
could run netdisco-deploy which will allow creation of a new local account
with admin privilege.
Now, you mentioned "default account" so I just want to check whether you're
also using the suggest_guest or no_auth features. If so, the above might
not all apply. Do let me know and we can explore further.
And finally just to say again: Netdisco itself, for all scheduled jobs and
netdisco-do, doesn't use any of the user accounts. They are simply for the
web.
Hope this helps,
Oliver.
On Tue, 29 Jul 2025 at 17:32, Dean, Barry via netdisco-users <
netdisco-users@lists.sourceforge.net> wrote:
> I am being asked to implement a strict password policy on any local admin
> accounts. I am wondering how I can do this with the default built-in admin
> account on NetDisco.
>
>
>
> It’s the only local account we have; all others use TACACS+.
>
>
>
> 1. Can I rename the default account?
> 2. Can I disable or delete the default admin account?
> 3. Can I make the default account use TACACS+? Obviously for recovery
> if TACACS+ was ever down, we’d have a problem..
>
>
>
> Password policy would be all the usual… Length, complexity, history,
> expiry etc. Obviously not needed if the local account is made non-local or
> deleted!
>
>
>
> Barry Dean
>
> Network Team, University of Liverpool
>
>
--- End Message ---