Layer 7 API Management

Expand all | Collapse all

CA API Gateway Custom Administrator

Jump to Best Answer
  • 1.  CA API Gateway Custom Administrator

    Posted 01-02-2020 12:14 PM
    Hi All,

    we are using CA API Gateway 9.2 OVA.
    can we have a custom administrator having the privileges same as root for CA API Gateway?
    so that we need not sudo to root frequently/unnecessarily for the operations on ssgconfig or any other important activities..
    please help us in creating such account in CA API Gateway 9.2.


  • 2.  RE: CA API Gateway Custom Administrator

     
    Posted 01-02-2020 01:46 PM

    By default there is only 1 linux administrative user root and this user is not allowed direct login because it causes security issues.

    You can reconfigure sshd_config to allow root login (and ssh_allowed_users files). But this is not something we provide directions on since it causes a security concern.
    As well its possible to create another user and assign uid=0 in etc/users but again is not suggested nor something we have specific steps on.

    Thanks.




  • 3.  RE: CA API Gateway Custom Administrator

    Posted 01-02-2020 02:12 PM
    Thanks Charles for quick response.

    Basically I wanted to understand about the root account usage (like use cases and privileges or any other usage)

     And, how this root account can be replaced with some sudo account like "smuser" like we have in siteminder policy server that doesn't need root but we can sudo to "smuser"?

    Hope you got my intention. Sorry for bothering again. Please help. Thanks.


  • 4.  RE: CA API Gateway Custom Administrator
    Best Answer

    Posted 30 days ago
    As suggested by Charles for security reason you should not allow use root to ssh.

    Having said that. you can create local use with minimum privileges e.g smuser using linux add command

    Steps:
    1. Login to ssgconfig and select option 3
    2. Login as root
    3. Create user using user add option (e.g. smuser) -- Link above
    4. Add the user to suoder group (here)
    5. Add the user to sudoer command that you may want to run (like mysql operation and so on links here or create a group in Sudoer file with required command permission and add the user to that group using usermod option )
    6. Add the user or group in ssh_allowed_user then you can login after which you can perform suoder operations

    Finally you also have Integration with LDAP https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-2/install-configure-upgrade/configure-the-appliance-gateway/gateway-system-settings-appliance/option-4-configure-authentication-method.html

    ------------------------------
    Pre-Sales Consultant
    ------------------------------