Please note that this article applies to the "old" BoKS Administration GUI. The "old" GUI is no longer supported as of BoKS Manager version 6.7.0. Thus this procedure only applies to version 6.6.2 and earlier.

There is a separate article that covers the same issue with FoxT Control Center (FCC). Please refer to this if you have BoKS 6.7 or later, or use FCC.

Summary
If a user only uses the administration GUI and does not ever need shell access to a UNIX system, it is possible to define the user in a Host Group that maps to an empty NIS map. The user will be allowed to log in to the administration GUI, and will not appear in /etc/passwd (and equivalent) files.

Procedure

1. Create a Host Group that contains the Master and any Replica that may be promoted to Master in the future.

Example:

hgrpadm -a -g GUI -m master

2. Create a NIS map for this Host Group. Ensure that the action for "make" does nothing.

Example:

touch /etc/opt/boksm/passwd

modnismap -a -h GUI -n master -f /etc/opt/boksm/passwd
-c "cat /dev/null > /etc/opt/boksm/passwd"

3. Create the administrative user in this Host Group. This user cannot use ldapauth or kerberos as authentication method.

Example:

mkbks -l GUI:guiuser -h /dev/null -g 100

passwd GUI:guiuser

Changing password for GUI:guiuser

The password length should be between 6 and 8 characters
New password:

Reenter new password:

Password changed

4. Assign the user a BOKSADM Access Route to the Host Group. This would normally be assigned via membership of a User Class, but it can also be assigned directly to the user.

Example:

ttyadmin -a -l GUI:guiuser -z 'BOKSADM:ANY/*->master' -b 0 -e 0 -w 1234567

5. Verify that the user is not in /etc/passwd.

Example:

grep guiuser /etc/passwd

6. Verify that user can log in to the GUI.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018