High access administrators, Default administrator, Local and ldap administrators – HP Secure Key Manager User Manual
Page 222: Administrator passwords, 222 default administrator, 222 local and ldap administrators, 222 administrator passwords
When creating an administrator, you should assign the minimum amount of access controls needed.
For example, a backup administrator will only need the Backup & Restore access controls. (You’ll
probably also want to assign an Administrative Access access control to most of your administrators.)
NOTE:
We strongly discourage the sharing of administrator accounts. Each administrator should have their
own administrator account.
High Access Administrators
When creating or modifying an administrator, you can select the High Access Administrator field.
High Access administrators have all access controls. They, therefore, have full control over the
configuration of the SKM appliance: they can create and delete administrator accounts, change
administrator passwords, and assign and revoke access controls. When you select this option, you’ll
notice that the system will automatically enable all of the access controls for that administrator.
NOTE:
Take great caution when creating High Access Administrators. It might be helpful to think of such
administrators as super users who can change the passwords of local administrators, assign and
revoke permissions, and create and delete administrators.
Both local and LDAP administrators can be High Access Administrators.
The admin account created during first-time initialization is a local High Access Administrator.
Default Administrator
The SKM appliance ships with a default administrator (admin), which is a local High Access
Administrator. Once the initial configuration is complete, you must log in as admin; thereafter, you
can create different administrators and log in with a different username.
Local and LDAP Administrators
The SKM appliance supports two types of administrators: local and LDAP. Functionally, local and
LDAP administrators have the same capabilities. For example, both local and LDAP administrators
can be High Access administrators. You can have multiple local and LDAP administrators at the same
time.
Administrator passwords
Local administrators are created within the SKM environment, either on the local device, or on a
member of a cluster. They are managed entirely on the SKM appliance. Local administrator usernames
are restricted to letters and numbers only, must start with a letter, and can be up to 30 characters
long. Local administrator passwords must adhere to the SKM appliance’s password policies. These
are discussed in “Password Management Overview” on page 207.
Using the Management Console
222