Manage Service accounts¶
┌────────────────────────────────────────────────────────────────────────────┐
│ Service accounts │
└────────────────────────────────────────────────────────────────────────────┘
┌─┬──────────────────────────────────────────────────────────────────────────┐
│1│Change password for the Console user "storedsafe" │
│2│Update password and set database permissions for the "gui" user │
│3│Update password and set database permissions for the "notify" user │
│4│Update password and set database permissions for the "healthcheck" user │
│5│Update password and set database permissions for the "ykval_verifier" user│
│6│Update password and set database permissions for the "konsol" user │
│7│Change password for the MySQL "root" user │
└─┴──────────────────────────────────────────────────────────────────────────┘
Move the cursor or enter a it's corresponding number (Q to Quit)
Main> Provisioning> Service accounts>
Change password for the Console user “storedsafe”¶
Service accounts
Change password for the console ("storedsafe") user
Default password for the "storedsafe" user is "changeme"
Normally the password is set on 2 separate Yubikeys, each one
programmed with a 32 character long static password, to support
"Dual Control", however this is not enforced, but recommended.
Password: <passphrase stored on yubikey #1><passphrase stored on yubikey #2>
Re-enter Password: <passphrase stored on yubikey #1><passphrase stored on yubikey #2>
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
Ensure you have this password stored in a secure fashion, without it
you will not be able to access the console of the StoredSafe appliance.
Ok to change the password for the "storedsafe" user? (<Y>/n): y
Activate the password change now? (<Y>/n): y
Press any key to continue
Update password and set database permissions for the “gui” user¶
Service accounts
The "gui" user is used by the frontend to communicate with the database
Password for the "gui" user? (. to generate or Q to Quit) <FIXME>: .
Password for the "gui" user? (. to generate or Q to Quit) <WOwp0xqZ4nin7I7y>:
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
Upon activating this change, the web server will stopped momentarily, while
the password is changed. During this time, StoredSafe will be unavailable to
web users.
Commit the password change? (<Y>/n): y
* Stopping web server lighttpd [ OK ]
* Starting web server lighttpd [ OK ]
Press any key to continue
Update password and set database permissions for the “notify” user¶
Service accounts
The "notify" user is used by backend functions to communicate with the database
Password for the "notify" user? (. to generate or Q to Quit) <FIXME>: .
Password for the "notify" user? (. to generate or Q to Quit) <ip9Dk0C3ihfTt6Dh>:
Press any key to continue
Update password and set database permissions for the “healthcheck” user¶
Service accounts
The "healthcheck" user is used by the healthcheck function, to verify database connectivity
Password for the "healthcheck" user? (. to generate or Q to Quit) <FIXME>: .
Password for the "healthcheck" user? (. to generate or Q to Quit) <1xLYNH0Z6t-R7-0S>:
Press any key to continue
Update password and set database permissions for the “ykval verifier” user¶
Service accounts
The "ykval_verifier" user is used by the HSM validation function
Password for the "ykval_verifier" user? (. to generate or Q to Quit) <FIXME>: .
Password for the "ykval_verifier" user? (. to generate or Q to Quit) <L0FfLYMYkXUo8gjl>:
* Restarting YubiHSM YubiKey KSM yhsm-yubikey-ksm
* Unlocking YubiHSM key store yhsm-yubikey-ksm
Press any key to continue
Update password and set database permissions for the “konsol” user¶
Service accounts
The "konsol" user is used by the console application
Password for the "konsol" user? (. to generate or Q to Quit) <FIXME>: .
Password for the "konsol" user? (. to generate or Q to Quit) <D24PnXKr6lDqfAR3>:
Press any key to continue
Change password for the MySQL “root” user¶
Service accounts
The MySQL "root" user is the MySQL database superuser
Password for the MySQL "root" user? (. to generate or Q to Quit) <FIXME>: .
Password for the MySQL "root" user? (. to generate or Q to Quit) <fivopIzQ6Rkx7Xkr>:
Press any key to continue