Managing user accounts with Cockpit

This is the latest in a series of articles on Cockpit, the easy-to-useintegratedglanceable, and open web-based interface for your servers. In the first article, we introduced the web user interface. The second and third articles focused on how to perform storage and network tasks respectively.

This article demonstrates how to create and modify local accounts. It also shows you how to install the 389 Directory Server add-on (or plugin). Finally, you’ll see how 389 DS integrates into the Cockpit web service.

Managing local accounts

To start, click the Accounts option in the left column. The main screen provides an overview of local accounts. From here, you can create a new user account, or modify an existing account.

Accounts screen overview in Cockpit
Accounts screen overview in Cockpit

Creating a new account in Cockpit

Cockpit gives sysadmins the ability to easily create a basic user account. To begin, click the Create New Account button. A box appears, requesting basic information such as the full name, username, and password. It also provides the option to lock the account. Click Create to complete the process. The example below creates a new user named Demo User.

Creating a local account in Cockpit
Creating a local account in Cockpit

Managing accounts in Cockpit

Cockpit also provides basic management of local accounts. Some of the features include elevating the user’s permissions, password expiration, and resetting or changing the password.

Modifying an account

To modify an account, go back to the accounts page and select the user you wish to modify. Here, we can change the full name and elevate the user’s role to Server Administrator — this adds user to the wheel group. It also includes options for access and passwords.

The Access options allow admins to lock the account. Clicking Never lock account will open the “Account Expiration” box. From here we can choose to Never lock the account, or to lock it on a scheduled date.

Password management

Admins can choose to Set password and Force Change. The first option prompts you to enter a new password. The second option forces users to create a new password the next time they login.

Selecting the Never change password option opens a box with two options. The first is Never expire the password. This allows the user to keep their password without the need to change it. The second option is Require Password change every … days. This determines the amount of days a password can be used before it must be changed.

Adding public keys

We can also add public SSH keys from remote computers for password-less authentication. This is equivalent to the ssh-copy-id command. To start, click the Add Public Key (+) button. Finally, copy the public key from a remote machine and paste it into the box.

To remove the key, click the remove (-) button to the right of the key.

Terminating the session and deleting an account

Near the top right-corner are two buttons: Terminate Session, and Delete. Clicking the Terminate Session button immediately disconnects the user. Clicking the Delete button removes the user and offers to delete the user’s files with the account.

Modifying and deleting a local account with Cockpit
Modifying and deleting a local account with Cockpit

Managing 389 Directory Server

Cockpit has a plugin for managing the 389 Directory Service. To add the 389 Directory Server UI, run the following command using sudo:

$ sudo dnf install cockpit-389-ds

Because of the enormous number of settings, Cockpit provides detailed optimization of the 389 Directory Server. Some of these settings include:

  • Server Settings: Options for server configuration, tuning & limits, SASL, password policy, LDAPI & autobind, and logging.
  • Security: Enable/disable security, certificate management, and cipher preferences.
  • Database: Configure the global database, chaining, backups, and suffixes.
  • Replication: Pertains to agreements, Winsync agreements, and replication tasks.
  • Schema: Object classes, attributes, and matching rules.
  • Plugins: Provides a list of plugins associated with 389 Directory Server. Also gives admins the opportunity to enable/disable, and edit the plugin.
  • Monitoring: Shows database performance stats. View DB cache hit ratio and normalized DN cache. Admins can also configure the amount of tries, and hits. Furthermore, it provides server stats and SNMP counters.

Due to the abundance of options, going through the details for 389 Directory Server is beyond the scope of this article. For more information regarding 389 Directory Server, visit their documentation site.

Managing 389 DS with Cockpit
Managing 389 Directory Server with Cockpit

As you can see, admins can perform quick and basic user management tasks. However, the most noteworthy is the in-depth functionality of the 389 Directory Server add-on.

The next article will explore how Cockpit handles software and services.


Photo by Daniil Vnoutchkov on Unsplash.

Using Software

1 Comment

  1. Jan

    Running freeIPA on one of my server VMs, I also tinkered around with the 389 Cockpit extension, but I was afraid that it may dis- or corrupts the information of freeIPA as Cockpit’s web interface is fairly simple compared to that of freeIPA.

    Would be cool to highlight it in the article if it is generally safe to work with Cockpit on a freeIPA instance, which is (mostly) also based on 389 DS.

Comments are Closed

The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat. Fedora Magazine aspires to publish all content under a Creative Commons license but may not be able to do so in all cases. You are responsible for ensuring that you have the necessary permission to reuse any work on this site. The Fedora logo is a trademark of Red Hat, Inc. Terms and Conditions