Send netdisco-users mailing list submissions to
        netdisco-users@lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
        netdisco-users-requ...@lists.sourceforge.net

You can reach the person managing the list at
        netdisco-users-ow...@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."
Today's Topics:

   1. Re: Local admin account (Dean, Barry)
--- Begin Message ---
  *   Now, you mentioned "default account" so I just want to check whether 
you're also using the suggest_guest or no_auth features. If so, the above might 
not all apply. Do let me know and we can explore further.

By “default account” I mean the one you get by default, which as you say will 
be created by netdisco-deploy.

suggest_guest  is not in my deployments.yml and “no_auth” appears commented out 
as “#no_auth: false”.

The theory goes that because “admin” has write/change access to something 
(anything) it should be governed by strict controls.

Thanks
Barry Dean
Network Analyst Team Leader

From: Oliver Gorwits <oli...@cpan.org>
Sent: 29 July 2025 18:45
To: Dean, Barry <b.d...@liverpool.ac.uk>; netdisco-users@lists.sourceforge.net
Subject: Re: [Netdisco] Local admin account


Hi Barry

Great question! I reckon you should be fine with the policy and Netdisco. The 
admin account is only used by humans in the web interface. Here are some notes, 
to help:

The netdisco-deploy script checks for the existence of one account with admin 
privileges and will nag to create one if missing. So, you can't remove it (or 
you can, but will be nagged by netdisco-deploy next time you upgrade). Submit a 
feature ticket if you want to make the nagging optional; we could have a 
setting to override.

The name "admin" is not special. You can have users with admin privileges 
called anything, and indeed assign admin privileges to any account(s).

Yes you should be able to have an account with admin privileges via TACACS+ as 
you need to create the accounts in netdisco matching the TACACS+ accounts 
anyway - just add the admin rights checkbox. For recovery you could run 
netdisco-deploy which will allow creation of a new local account with admin 
privilege.

Now, you mentioned "default account" so I just want to check whether you're 
also using the suggest_guest or no_auth features. If so, the above might not 
all apply. Do let me know and we can explore further.

And finally just to say again: Netdisco itself, for all scheduled jobs and 
netdisco-do, doesn't use any of the user accounts. They are simply for the web.

Hope this helps,

Oliver.

On Tue, 29 Jul 2025 at 17:32, Dean, Barry via netdisco-users 
<netdisco-users@lists.sourceforge.net> wrote:
I am being asked to implement a strict password policy on any local admin 
accounts. I am wondering how I can do this with the default built-in admin 
account on NetDisco.

It’s the only local account we have; all others use TACACS+.


  1.  Can I rename the default account?
  2.  Can I disable or delete the default admin account?
  3.  Can I make the default account use TACACS+? Obviously for recovery if 
TACACS+ was ever down, we’d have a problem.

Password policy would be all the usual… Length, complexity, history, expiry 
etc. Obviously not needed if the local account is made non-local or deleted!

Barry Dean
Network Team, University of Liverpool

--- End Message ---