Change admin username
-
Couldn't you just create a new users with the same access and disable the admin user?
pfsense: 2.1.5-RELEASE, AMD64
Running on: MB/CPU: ASUS P8H77-I / Core i3-2120T | MEM: 8GB DDR3 | HDD: WD Blue 120GB 2.5" SATA | WAN/LAN: Fujitsu D2735-2 – Intel® chip 82576NS | WLAN: Realtek® 8111F PCIe | Connection: 1000/1000Mbit (Bredband2.com)
[
/U -
I want to remove it completely. how you set username during installation?
-
I can't remember honestly - I just know I had the option probably in one of the first GUI's shown during the installation.
pfsense: 2.1.5-RELEASE, AMD64
Running on: MB/CPU: ASUS P8H77-I / Core i3-2120T | MEM: 8GB DDR3 | HDD: WD Blue 120GB 2.5" SATA | WAN/LAN: Fujitsu D2735-2 – Intel® chip 82576NS | WLAN: Realtek® 8111F PCIe | Connection: 1000/1000Mbit (Bredband2.com)
[/U -
No solution?
-
Maybe "Mr. Search" have some answers for you ;D
http://forum.pfsense.org/index.php/topic,60013.msg326616.html#msg326616
http://forum.pfsense.org/index.php/topic,59119.msg317544.html#msg317544
-
very bad. admin user is bound to root. we can not remove it. this is strange…not any other security product do this.
-
Admin is bound to root, but you can still disable it in the GUI. It is not advisable to completely remove it. It would not work for things like XMLRPC sync which still only works with the "admin" user.
There are other places it is hardcoded or handled specially.
It's something we intend to address over time but there are ways around it now. You can install the sudo pkg, disable admin, and still perform root tasks as needed with non-root users.
-
thanks jim,
but when i disable admin user in webgui, i can still login with admin or root in console menu.
how can i solve this problem? -
Can you force that it needs certificates to log in?
I quickly search for changing the login ID from root to something else within FreeBSD, and nothing came up. I suspect nobody cares to as anybody allowed physical access is trusted?
I personally restrict access to the webGUI to one IP/mac on a specific interface that only this machine resides on. I don't make changes very often, only in my lab. I have some deep rooted paranoia about vulnerabilities in web daemons.
-
Thanks,
Have you disabled anti-lockout rule and defined a new firewall rule to restrict access? -
Yup, the default anti-lockout rule is disabled. Only specific subnet on a specific vlan can access my pfsense. But I rarely make changes, so this is perfect for me.
@Amirkabir:Thanks,
Have you disabled anti-lockout rule and defined a new firewall rule to restrict access?
