Layer7 API Management

 View Only
  • 1.  Portal 4.5: Issue with updating grub hashed password

    Posted Jun 16, 2020 06:16 AM
    Hi,
    I'm following the installation procedure for Developer Portal 4.5 of which the ova comes with the version 3 hardened image.
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/4-5/install-configure-and-upgrade/install-portal-on-docker-swarm/prepare-your-environment/centos-hardened-image/configure-and-start-centos-7-ova-version-3-image.html

    In the step "Change Grub Bootloader Password" there is something incorrect or missing. Description says "The grub bootloader requires a user name and password in order to edit the boot-time settings. The user name is portal." Does this mean we need to switch to the portal user ?
    If yes, what is the default password for that ?

    In step 2 it is mentioned that we have to open the /etc/grub.d/01_users file, but as centos user this is not possible. Also it is not possible to gain root permissions via sudo or su -.
    [centos@portaltest-eumlv074 ~]$ su -
    Password:
    Last login: Tue Mar 12 11:02:57 PDT 2019 from 10.175.72.146 on pts/0
    Last failed login: Tue Jun 16 02:55:19 PDT 2020 on tty1
    There was 1 failed login attempt since the last successful login.
    su: failed to execute nologin: No such file or directory

    As workaround I can change the root shell permissions in /etc/password for root and change from nologin to /bin/bash.

    Can someone tell correct procedure for this as techdocs seem missing something ?

    ------------------------------
    Integration Consultant
    Enable-U
    The Netherlands
    ------------------------------


  • 2.  RE: Portal 4.5: Issue with updating grub hashed password
    Best Answer

    Broadcom Employee
    Posted Jun 18, 2020 11:42 AM
    You need to provide the username as portal when you edit the boot time setting in the Grub bootloader. The default password may (not verified) be 7layer. The documented steps will help to change the default password for the username portal.

    You can use sudo with centos username (and provide centos password when asked) to run all root user commands like:

    sudo grub2-mkpasswd-pbkdf2
    sudo vi /etc/grub.d/01_users
    sudo grub2-mkconfig -o /boot/grub2/grub.cfg

    The su - will not work as the root user is set to nologin shell.



  • 3.  RE: Portal 4.5: Issue with updating grub hashed password

    Posted Jun 19, 2020 02:45 AM
    Edited by Marco Zwetsloot Jun 19, 2020 02:45 AM
    Hi Saravanan,
    The default password for portal user is not layer7, I changed it with sudo passwd portal. When I then want to switch to the portal user:
    [centos@portaltest-eumlv074 ~]$ su portal
    Password:
    su: failed to execute nologin: Permission denied

    When I check in /etc/passwd I see the following for user portal:
    centos:x:1000:1000:centos:/home/centos:/bin/bash
    portal:x:1001:1001:portal:/home/portal:nologin

    So by default the user login for user portal is disabled.

    When as user centos the sudo vi /etc/grub.d/01_users command doesn't work. If I try to go into directory /etc/grub.d then that isn't allowed as it seems.

    The documented steps for Configure and Start CentOS 7 OVA Version 3 Image doesn't mention anything about changing password for the portal user, that is only mentioned in the version 1 image documentation. From version 2 it seems the default user was changed to centos but to me not all has been set correctly and user centos doesn't have same privileges as user portal had.

    ------------------------------
    Integration Consultant
    Enable-U
    Netherlands
    ------------------------------