Password - Restrict Access to IGEL OS Components
The following article provides details on different authorization levels in IGEL OS, which you can configure to protect your endpoint devices against unwanted changes. You will learn the difference between the access for administrator and setup administrator, for user and setup user.
For a general overview on securing your devices, see Securing IGEL OS Endpoints.
Menu path: Security > Password
You can assign four different authorization levels:
Administrator: The administrator has full access to the IGEL Setup.
The assignment of the administrator password is a prerequisite for all other rights assignments. Even if the administrator wants to leave the administration of the IGEL Setup to the setup administrator, the administrator password must be set.
An administrator password protects the following critical actions/areas from unauthorized access:
the reset to factory defaults in the boot menu
the local terminal
Setup Administrator: A user to whom rights are assigned for minor administrative tasks. You specify which pages the setup administrator can edit under Accessories > Setup > Setup Administrator Permissions.
Setup User: A user who can make some unlocked user settings in the IGEL Setup. You specify which pages the setup user can edit under Accessories > Setup > Setup User Permissions.
User: This user has no access to the IGEL Setup. A user password is required in the following cases:
when logging on to the terminal session
when logging on to sessions (see Desktop Integration)
for unlocking the screenlock
If you have defined passwords for different authorization levels, a login window appears at the start of the IGEL Setup in which you can select an authorization level:
When entering a password, ensure that the correct keyboard layout is enabled.
Administrator
Use password
☑
A password is needed to log in as administrator (root
).
A password is also needed for the user, the setup user, and the setup administrator.
The password is set by clicking Change Password.
☐
No password is needed to log in as an administrator. Also, no password is needed for the user (user
), the setup user, and the setup administrator.*
Change Password
Sets a new password for the administrator (root
).
Effects on local terminal access
Setting an administrator password has the following effects on the access to local terminals:
For logging in as
root
, the administrator password must be entered.Logging in as
user
is no longer possible.
However, you can allow access for user
by making the following settings:
Enable the registry key
system.security.usershell
(Default: Disabled).Set a user password.
For logging in as user
, the user password will have to be entered. (See the "User" section of this page).
Setup Administrator
Setup Administrator Access
This option is relevant if an administrator password is set.
☑
The setup administrator can access the areas of the IGEL Setup for which he has authorization. Further information can be found under Setup Administrator Permissions - Define Access to IGEL Setup Areas.
A password is needed to log in as setup administrator.
The password is set by clicking Change Password.
☐
The setup administrator cannot access the IGEL Setup.*
Change Password
Sets a new password for the setup administrator.
Setup User
Setup User Access
This option is relevant if an administrator password is set.
☑
The setup user can access the areas of the IGEL Setup for which he has authorization. Further information can be found under Setup User Permissions - Define Access to IGEL Setup Areas.
A password is needed to log in as a setup user.
The password is set by clicking Change Password.
☐
The user cannot access the IGEL Setup.*
Change Password
Sets a new password for the setup user.
User
Use Password
This option is relevant if an administrator password is set.
☑
The user (user
) needs a password in order to log in to the device via the local terminal. The password is set by clicking Change Password.
☐
If an administrator password is set, the user (user
) cannot log in to the device via the local terminal. If no administrator password is set, the user (user
) can log in to the device via the local terminal without a password.*
Change Password
Sets a new password for the user (user
).
User Account for Remote Access
Enable Login
☑
The remote user (ruser
) can log in to the device via SSH. Further information can be found under SSH Access.*
☐
Logging in via SSH is not possible.
Use Password
☑
A password is needed to log in via SSH.
☐
No password is needed to log in via SSH.*
Change Password
Sets a new password for the remote user (ruser
).
*IGEL OS system default