This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Question about SSO admin password

Hello,

 

We know that admin password for SSO link is visible clearly in HTTP printable configuration and SSH view.

We know how to hide it in http printable configuration but it's still visible in SSH view.

How can we hide the admin password in SSH view ? (We don't want that our providers can see this password)

 

Thanks for your help,

 

Eric



This thread was automatically locked due to age.
  • Salut, Eric, and welcome to the UTM Community!

    The "password" visible at the command line and in the 'Printable Configuration' is the MD4 hash of the password, not the actual password.

    Rather than use the admin account to administer your UTM, I suggest that you use your own backend-authenticated account, make a separate account for your provider and use the locally-authenticated admin account only in emergencies when your backend malfunctions.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • We use 2x locally authenticated accounts which are never used and are for backup/emergency purposes. These accounts are stored in an encrypted file (along with others) onsite and offsite.

    Normal authentication is via AD so I agree 100% with Bob.