Managing local administrator authentication
By default, Pexip Infinity only has a single local administrator account for accessing the Pexip Infinity Administrator interface and the Pexip Infinity management API. The username and password for this account are set during the installation process, when running the installation wizard. The default username is admin.
When logging in using this account, the credentials are authenticated against Pexip Infinity's own local (internal) database.
This local administrator account can be used on its own, or in addition to other administrator authentication methods such as LDAP, OpenID Connect, and OAuth.
Administrator roles are not relevant to the local admin account. The account always has full read-write access, and this is not configurable.
Configuring Pexip Infinity
To allow administrators to use the local administrator account when they log in to the Pexip Infinity Administrator interface or management API, go to . The relevant options are:
Option | Description |
---|---|
Authentication source | The database to query for administrator authentication and authorization.<br>Local database: uses the Pexip Infinity local on-box database. Administrators can only log in via the default account (typically admin) and will have full administrator privileges.<br>LDAP database: administrators can only log in using an account configured on the LDAP database and obtain privileges according to the groups and roles associated with that account. Note that if this option is selected and the LDAP server is inaccessible for any reason, administrators will not be able to log in to the Pexip Infinity web-based Administrator interface or management API.<br>LDAP database and local database: administrators can log in using either the default local admin account or via an account configured on the LDAP database.<br>Open ID Connect service: administrators can only log in using an account configured on the OpenID Connect provider and obtain privileges according to the groups and roles associated with that account. Note that if this option is selected and the OpenID Connect provider is inaccessible for any reason, administrators will not be able to log in to the Pexip Infinity web-based Administrator interface or management API.<br>Open ID Connect service and local database: administrators can log in using either the default local admin account or via an account configured on the OpenID Connect provider.<br>LDAP database, Open ID Connect service and local database: administrators can log in using the default local admin account, via an account configured on the LDAP database, or via an account configured on the OpenID Connect provider.<br>To use the local admin account, ensure that Local database is selected, either on its own or in combination with another authentication source.<br>Default: Local database. |
Require client certificate | This option is only applicable if using LDAP as an authentication source. For more information, see Certificate-based authentication. |
Management API Oauth2 settings | The settings in this section apply to management API access via OAuth only. They do not affect local, LDAP or OpenID Connect access. For more information, see Managing API access via OAuth2. |
LDAP configuration | The settings in these sections apply to LDAP access only. They do not affect local or OpenID Connect access. For more information, see Managing administrator access via LDAP. |
OpenID Connect configuration | The settings in this section apply to OpenID Connect access only. They do not affect local or LDAP access. For more information, see Managing administrator access via OIDC. |
Reinstating the local admin account
If necessary you can reinstate access via the Pexip Infinity local on-box database, so that administrators can log in via the default admin account with full administrator privileges. You may need to do this if, for example, the Authentication source is configured as LDAP database only and your connectivity to the LDAP server goes down or your credentials become invalid.
To reactivate your local admin account, log in to the Management Node over SSH and run one of the following commands:
Command | Enables access via... |
---|---|
authset LDAP LOCAL | local admin account only |
authset LDAP REMOTE | LDAP accounts only |
authset LDAP BOTH | local admin account and LDAP accounts |
authset LDAP ALL | local admin account, LDAP accounts and OIDC accounts |
authset OIDC LOCAL | local admin account only |
authset OIDC REMOTE | OIDC accounts only |
authset OIDC BOTH | local admin account and OIDC accounts |
authset OIDC ALL | local admin account, LDAP accounts and OIDC accounts |
If you forget the password for the Pexip Infinity Administrator interface, you can re-run the installation wizard, being sure to change only the Web administration password setting.