Layer7 API Management

  • 1.  CA API Gateway Custom Administrator

    Posted Jan 02, 2020 12:14 PM
    Hi All,

    We are using CA API Gateway 9.2 OVA.
    Can we have a custom administrator having the same privileges as root for CA API Gateway,
    so that we need not sudo to root frequently/unnecessarily for the operations on ssgconfig or any other important activities?
    Please help us in creating such an account in CA API Gateway 9.2.


  • 2.  RE: CA API Gateway Custom Administrator

    Broadcom Employee
    Posted Jan 02, 2020 01:46 PM

    By default there is only one Linux administrative user, root, and this user is not allowed direct login because it causes security issues.

    You can reconfigure sshd_config to allow root login (and ssh_allowed_users files). But this is not something we provide directions on since it causes a security concern.
    It's also possible to create another user and assign uid=0 in etc/users, but again this is not suggested, nor something we have specific steps on.

    Thanks.




  • 3.  RE: CA API Gateway Custom Administrator

    Posted Jan 02, 2020 02:12 PM
    Thanks, Charles, for the quick response.

    Basically I wanted to understand the root account usage (like use cases and privileges or any other usage).

    And how can this root account be replaced with some sudo account like "smuser", like we have in SiteMinder Policy Server, which doesn't need root but where we can sudo to "smuser"?

    Hope you got my intention. Sorry for bothering again. Please help. Thanks.


  • 4.  RE: CA API Gateway Custom Administrator
    Best Answer

    Posted Jan 23, 2020 05:31 AM
    As suggested by Charles, for security reasons you should not allow user root to ssh.

    Having said that, you can create a local user with minimum privileges (e.g. smuser) using the Linux add command.

    Steps:
    1. Log in to ssgconfig and select option 3
    2. Log in as root
    3. Create the user using the user add option (e.g. smuser) -- Link above
    4. Add the user to the sudoer group (here)
    5. Add the user to the sudoer commands that you may want to run (like mysql operations and so on, links here), or create a group in the sudoer file with the required command permissions and add the user to that group using the usermod option
    6. Add the user or group in ssh_allowed_user; then you can log in, after which you can perform sudoer operations

    Finally, you also have integration with LDAP: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-2/install-configure-upgrade/configure-the-appliance-gateway/gateway-system-settings-appliance/option-4-configure-authentication-method.html

    ------------------------------
    Pre-Sales Consultant
    ------------------------------
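
An audit check for the account configurations discussed in this thread, added here as an example (it is not part of any post and is not Broadcom tooling): it flags accounts other than root with UID 0, reports the global PermitRootLogin value, and lists sudoers entries that grant every command. The sample files and the account name admin2 are constructed; smuser is the name used in the thread.

```shell
#!/bin/sh
# Added example: audit checks for extra root-equivalent access.
# All sample data below is constructed for illustration.

# Print every account other than root whose UID is 0 (passwd format name:pw:uid:...).
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print the global PermitRootLogin value. sshd keeps the first value it reads for a
# keyword, so scanning stops at the first hit or at the first Match block.
# Prints "unset" when absent (the built-in default depends on the OpenSSH version).
permit_root_login() {
    awk '{ sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); k = tolower(f[1]) }
         k == "match" { exit }
         k == "permitrootlogin" { v = tolower(f[2]); exit }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Print the user or %group of each sudoers rule whose command list ends in ALL.
blanket_sudo_grants() {
    awk '/^[ \t]*(#|$)/ { next }
         $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
         $NF == "ALL" { print $1 }' "$1"
}

# Write constructed sample files into directory $1.
make_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'admin2:x:0:0::/home/admin2:/bin/bash' \
        'smuser:x:1001:1001::/home/smuser:/bin/bash' > "$1/passwd"
    printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
        'PermitRootLogin no' > "$1/sshd_config"
    printf '%s\n' 'Defaults env_reset' 'root ALL=(ALL) ALL' \
        'smuser ALL=(root) /usr/bin/systemctl status mysqld' \
        'admin2 ALL=(ALL) NOPASSWD: ALL' > "$1/sudoers"
}

# Demo run over the constructed samples.
d=$(mktemp -d) && make_samples "$d"
echo "extra UID 0 accounts: $(extra_uid0_accounts "$d/passwd")"
echo "PermitRootLogin:      $(permit_root_login "$d/sshd_config")"
echo "blanket sudo grants:  $(blanket_sudo_grants "$d/sudoers" | tr '\n' ' ')"
rm -rf "$d"
```

In the constructed sudoers sample, smuser is limited to one command and is not reported, while admin2 is flagged both for UID 0 and for an unrestricted sudo rule.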