Do we have a timeline for when this long-standing request will happen in v18?
Thanks,
John
You can already create a new user and give them Administrator rights, isn't that essentially the same thing? Would be nice to have the ability to lock the built-in admin account. Also great would be the ability to enable two factor authentication on the built-in admin, but you can set two factor for a user with administrator rights. Perhaps the easiest workaround is to assign a ridiculous password to the built-in admin account and never use it unless in a dire emergency. Or, once you have created a new admin user, you could set the password for the default admin to a bunch of random gibberish typed on your keyboard and never make note of it anywhere. The only problem with that approach is you will never be able to change the default admin password as it requires you to know the old one to set a new one. Another option might be to turn on Public Key Auth for the Admin but I'm not sure if that applies to users with Administrator rights or just the built-in admin.
Before you couldn't log into the CLI with anything other than the built-in Admin account. Not sure if they're changing that in v18.
Still only possible via Admin user but most likely you should switch to Public Key authentication for SSH. (my preferred authentication method).
Public Key authentication would lead to a better overview of who is logging in via SSH: the key used for each SSH session is logged.
Just some information beside your feature request from my side.
I wouldn't hold my breath, this was proposed almost 4 years ago, set as under review about 2.5 years ago and has yet to be implemented, what gives Sophos?
After reading that it appears that this has been half implemented, come on guys, just let us rename admin or disable and call this done.
According to the reply from Sophos on the ideas website this was supposed to be implemented at some point, that was 2.5 years ago.
I suspect this is tricky ...
Since SFOS/XG is a GUI to a collection of disparate open source software, I suspect that having "admin" as the default for all of these is almost a requirement. Probably most of these software packages handle uppercase/lowercase differently for the username/password combo, and also the password complexity most certainly has different requirements for each. Communications between these modules must have its own level of complexity to keep it minimalistically secure ... Strongswan, Exim and all are software that do not care whether they are running or not on the same devices.
Paul Jr
Well, they are renaming root to admin so why is it so difficult to rename it to something else? I imagine they have the same issue as calling eth0 port 1 and it took till v18 to rename a port in the gui.
I remember a thread in v16 where I was complaining about otp + caa not working anymore. Someone from Sophos replied that to separate admin from otp required them to do a complete authentication redesign. They have other issues to “fight” against now.