Change admin username
-
Hi
I want to remove or change default admin username. but it isn't possible in System: User Manager to change admin username.
How can i do it? -
~~If you're running 2.0 or 2.1 it should be perfectly possible to change the default username to what ever you like.
It might be grey the username but click edit anyway out to the right.~~
-
No! you can click edit buttom to change password for admin user,but you can not change username.
-
I withdraw my previous statement - I set my username during installation, to something different then admin.
The field might look changeable but it isn't. Sorry.
-
Couldn't you just create a new users with the same access and disable the admin user?
-
I want to remove it completely. how you set username during installation?
-
I can't remember honestly - I just know I had the option probably in one of the first GUI's shown during the installation.
-
No solution?
-
Maybe "Mr. Search" have some answers for you ;D
http://forum.pfsense.org/index.php/topic,60013.msg326616.html#msg326616
http://forum.pfsense.org/index.php/topic,59119.msg317544.html#msg317544
-
very bad. admin user is bound to root. we can not remove it. this is strange…not any other security product do this.
-
Admin is bound to root, but you can still disable it in the GUI. It is not advisable to completely remove it. It would not work for things like XMLRPC sync which still only works with the "admin" user.
There are other places it is hardcoded or handled specially.
It's something we intend to address over time but there are ways around it now. You can install the sudo pkg, disable admin, and still perform root tasks as needed with non-root users.
-
thanks jim,
but when i disable admin user in webgui, i can still login with admin or root in console menu.
how can i solve this problem? -
Can you force that it needs certificates to log in?
I quickly search for changing the login ID from root to something else within FreeBSD, and nothing came up. I suspect nobody cares to as anybody allowed physical access is trusted?
I personally restrict access to the webGUI to one IP/mac on a specific interface that only this machine resides on. I don't make changes very often, only in my lab. I have some deep rooted paranoia about vulnerabilities in web daemons.
-
Thanks,
Have you disabled anti-lockout rule and defined a new firewall rule to restrict access? -
Yup, the default anti-lockout rule is disabled. Only specific subnet on a specific vlan can access my pfsense. But I rarely make changes, so this is perfect for me.
@Amirkabir:Thanks,
Have you disabled anti-lockout rule and defined a new firewall rule to restrict access?