Reference: User Administration menu
Use TanOS to manage user accounts on the Tanium appliance. Users with the tanadmin role can manage two types of user accounts:
- Use the System Users menu to manage TanOS system users. These user accounts can access the TanOS console, but not the Taniumâ„¢ Console. This includes the predefined TanOS users tanadmin, tancopy, tanfactory, and tanuser. For more information on the predefined TanOS user accounts, see Configure user access (physical appliance) or Configure user access (virtual appliance).
- Use the Local Authentication menu to manage Tanium users who can access the Tanium Console through a web browser. These user accounts can not access the TanOS console. TanOS hosts a local authentication service that you can use for Tanium Console user authentication. In addition, you can use your enterprise LDAP server to manage Tanium Console authentication. For details on using LDAP, see the Tanium Core Platform User Guide.
Change TanOS user passwords
The TanOS special users tanadmin and tanuser can make password-authenticated SSH connections to the TanOS console.
Change the tanadmin password
Use these steps to reset the password for the current tanadmin user. To change the password for another tanadmin user, see Manage system users.
- Log into the TanOS console as a user with the tanadmin role.
The TanOS console displays the tanadmin menu. 
View screen
------------------------------------------------------
>>> tanadmin menu <<<
1: Tanium Installation Menu
2: Tanium Operations Menu
3: Tanium Support Menu
4: Status Menu
A: Appliance Configuration Menu
B: Appliance Maintenance Menu
C: User Administration Menu
P: Password change (current user)
Q: View End User License Agreement (EULA)
F: Flexible Menu Search
@: About this Appliance
H: Help
Z: Log out
------------------------------------------------------
- Enter P and follow the prompts to change the password. View screen
>>> TanAdmin -> Password Change <<<
The password policy requires meeting these rules:
- Minimum of 10 characters long
- At least 1 upper case character
- At least 1 lower case character
- At least 1 numeric character
- At least 1 other character
- Must not match any of recent 4 passwords
- Must not be based on a dictionary word
- Must not contain part of the username
Do you want to continue with password change for user tanadmin? [Yes|No]:
After the password changes, you are logged out.
Reset the tanuser password
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 1 and follow the prompts to reset the password. View screen
>>> Appliance User Administration -> Reset Restricted User Password <<<
This option will reset the password for tanuser to the default. (Tanium1)
On next login tanuser will be forced to change their password.
Would you like to reset tanuser password? [Yes|No]: yes
Password change successful.
tanuser password has been reset to default
tanuser will be forced to change their password on next login.
Do you also want to reset the account lockout? [Yes|No]: yes
Account lockout has been reset
Press enter to continue
Reset the tanfactory password
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 2 and follow the prompts to reset the password. View screen
>>> Appliance User Administration -> Reset Factory User Password <<<
This option will set the password for tanfactory
This account is only supposed to be used to reset this appliance to factory defaults
in case tanadmin cannot login anymore!
tanfactory is only allowed to remove all software/configuration!
Warning: Setting the password will also enable the account, in case it was disabled
Would you like to set the tanfactory password? [Yes|No]:
The password policy requires meeting these rules:
- Minimum 10 characters long
- At least 1 upper case character
- At least 1 lower case character
- At least 1 numeric character
- At least 1 other character
- Must not be based on a dictionary word
- Must not contain part of the username
Please enter password (will not be displayed):
Password score: 50 out of 100 (strong)
Please enter password again:
Password setting for tanfactory successful.
Press enter to continue:
Manage SSH keys
The installation process generates a public/private SSH key pair for the tanadmin user. Use the SSH Key Management menu to perform the following functions:
- Regenerate the key pair
- Generate keys for the other TanOS special users
- Add authorized keys to support inbound user connections
- Display the public key so you can copy and paste it into other appliance configurations
You can use ssh-copy-id to add an SSH public key to any TanOS user with the tanadmin profile.
Before you begin
- You must have an SSH client to log into the TanOS console and an SFTP client such as WinSCP to copy files to and from the appliance.
- You must have an SSH key generator such as ssh-keygen to generate keys for the user.
Generate keys
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 3 to go to the SSH Key Management menu. View screen
>>> User Administration -> SSH Key Management <<<
1: tanadmin
2: tanuser
3: tancopy
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter the line number of the user account that you want to manage to display the key management menu for this user. View screen
>>> Appliance User Administration -> SSH Key Management -> tanadmin <<<
Username: tanadmin
1: Generate ssh key pair
2: Display public key
3: Manage authorized key(s)
R: Return to previous menu
------------------------------------------------------
- Enter 1 to generate a public/private key pair. View screen
>>> Appliance User Administration -> SSH Key Management -> tanadmin -> Generate keys <<<
Found existing id_rsa file for user tanadmin
Would you like to OVERWRITE the existing keys? [Yes|No]: yes
Ok, we will generate new keys for user tanadmin
keygen process finished successful
Finished generating keys for tanadmin
Press enter to continue
Add authorized keys
- Use an SSH key generator such as ssh-keygen to generate a public/private key pair. Note:
- Specify an RSA key with 2048 bits (such as ssh-keygen -t rsa -b 2048).
- Specify a passphrase that is easy to remember.
- Save the private key to a location that you can access when you set up your SFTP client.
- Copy all of the text in the public key file to the clipboard. If you use ssh-keygen, copy the contents of the .pub file that you created.
In an SSH key exchange, the keys must match exactly.
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 3 to go to the SSH Key Management menu. View screen
>>> User Administration -> SSH Key Management <<<
1: tanadmin
2: tanuser
3: tancopy
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter the line number for the tancopy user to display the key management menu for this user. View screen
>>> User Administration -> SSH Key Management -> tancopy <<<
Username: tancopy
1: Generate ssh key pair
2: Display public key
3: Manage authorized key(s)
R: Return to previous menu
------------------------------------------------------
- Enter 3 to go to the Authorized Keys menu. View screen
>>> AUA -> SSH Key Management -> tancopy -> Authorized Keys <<<
Username: tancopy
1: List keys
2: Add keys
3: Delete key
R: Return to previous menu
------------------------------------------------------
- Enter 2 and follow the prompts to add the contents of the public key generated in Step 1. View screen
>>> AUA -> SSH Key Management -> tancopy -> Authorized Keys -> Add <<<
Please paste the public key and press enter:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA1ClmgkMrbbxB7jND/Y4/Giupck35xAuGNKfZWqVLM5F0CNXuTScf6v2zMDxW5TO5tm/U
8P9sqh19RDEzTn2RayXzsoZmXyB8abCCpHG4+03Zv05RHiX4i5QomAMBnbZejdA9/fGTxO1rPo1rdtTqZ+KCgzbEhHLWUD44+If5RtG+
U4kgyzlYsyjgwhfho+BrRY6e7QYBsXVbuBQ9ROGV6PCTB80jXZVAKrAbsTQ1DVkpuBuemftv7vOn3b8MKzJ/IY/LLL1tIgpSGvgvjr2m
OJJ+JoZF2XnPVUFmYiDSCkPAzhCyFHILHfOVAfws9n1G6p3fwILqNhvBoPeaCFaApQ== rsa-key-20200123
Validating input
Adding key to authorized keys after validation
Finished adding authorized keys for tancopy
Press enter to continue
Display public keys
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 3 to go to the SSH Key Management menu. View screen
>>> User Administration -> SSH Key Management <<<
1: tanadmin
2: tanuser
3: tancopy
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter the line number for the tancopy user to display the key management menu for this user. View screen
>>> User Administration -> SSH Key Management -> tancopy <<<
Username: tancopy
1: Generate ssh key pair
2: Display public key
3: Manage authorized key(s)
R: Return to previous menu
------------------------------------------------------
- Enter 2 to display the public key. View screen
>>> Appliance User Administration -> SSH Key Management -> tancopy -> Display public key <<<
displaying content of id_rsa.pub file:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxZM3of2hG2tY2OSULmfPjteIQ8xYNFodRxYpXTX93L75VZHO64h7GgFz3xegj8Ic2GHOF
lvQFp2fk+c7A+OqDdekdjmbA85Ir+G/J5bd+i6RjfJnI0fkfMkutzHS7uaeP+f8s6cOo19Qa8cMxH1O58kwhz/mcXEKX2w32bBcFxRv6lyes
uKv26UT56YwiJk2chll31NVoZKEOWdyXXutKzYe7IvZHZpwFtisRUMxrfzVrZtzqc5c1z0acJ2RQYg0QpZ9O9b/azqMnMDxDeVuhw4+oR3Cf
NYatTCLH1Npgn8hviFHXPwFhQGipLWh1JlRokgWn0tReYkbKiiiV3rnZmNA8WinpNErVSYsrw71VxurcOrmVe9jOL7nuXY6Is4bkIEuca5kH
Trd4c927MKVNBf+jVgw7HsXVANBIe1iH47vO+GHKNzoOExAXMBJ0oRjk/EUMMKTvcCQ77OsC4TxkMlhqNYEpnkM5v9JURznu1d7MgrXquYl/
Cybnql1nliOjfQQsZ42PBr/gg4qktwZ5iWcKW4k7J1CuDyM207RCkrgGs/5ldOy/5s2AtJgWXIFTHaENT7tvbPvGLPs3GOfkr79rasur/hUg
OndIdLS+eDkd3KRxbIE3Kx1b3cNKnMpIC+LJLypbnQ6UpryzpnmroCUxhbB05i8uPzK2x2ab9Q== [email protected]
Press enter to continue
Configure TanOS system users
You can create TanOS users that have permissions equivalent to tanadmin or tanuser system users. The system users with the tanadmin role have access to all menus. System users with the tanuser role have access to status menus.
Add a system user
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter A to go to the System Users menu. View screen
------------------------------------------------------
>>> User Administration -> System Users <<<
System users can login to monitor the appliance
or perform administrative tasks.
1: Add System User
2: Manage System User(s)
A: View Last 20 Successful Logins
B: View Last 20 Failed Logins
C: View Login Statistics
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 1 and follow the prompts to add a system user. View screen
>>> Appliance User Administration -> System Users -> Add System User <<<
Adding a system user requires first name, last name, user name and user role.
Attention:
TanUser Role: Monitor/Check the status of the appliance, no changes are allowed
TanAdmin Role: Full administrative role to manage the appliance
A temporary password will be generated and the new user is required to change
their password upon first login!
The password policy requires meeting these rules:
- Minimum of 10 characters long
- At least 1 upper case character
- At least 1 lower case character
- At least 1 numeric character
- At least 1 other character
- Must not match any of recent 4 passwords
- Must not be based on a dictionary word
- Must not contain part of the username
Please enter first name: John
Please enter last name: Doe
Please enter desired user name (max 30 chars): john.doe
Which role should be assigned to john.doe?
1: TanUser (Monitoring)
2: TanAdmin (Administrative)
Please select: 2
The temporary password for john.doe is: proudbrownwildfowl
Adding local user john doe ...
Successfully added user john doe (username: john.doe) with role tanadmin.
Press enter to continue
Disable password access
You can disable password access for any user except the tanadmin special user. When you disable password access for a user, the user can only log in through SSH using the configured SSH private key.
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter A to go to the System Users menu. View screen
------------------------------------------------------
>>> User Administration -> System Users <<<
System users can login to monitor the appliance
or perform administrative tasks.
1: Add System User
2: Manage System User(s)
A: View Last 20 Successful Logins
B: View Last 20 Failed Logins
C: View Login Statistics
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 2 to manage the system users. View screen
------------------------------------------------------
>>> User Administration -> System Users -> Manage <<<
#: User ID Role Locked Name
1: tanadmin tanadmin No (0) Tanium Privileged User
2: tanuser tanuser No (0) Tanium Restricted User
3: tancopy tanuser No (0) Tanium Copy User
4: john.doe tanadmin No (0) john doe
R: Return to previous menu
------------------------------------------------------
- Enter the line item of the user that you want to manage to display the User menu. View screen
------------------------------------------------------
>>> User Administration -> System Users -> Manage -> User <<<
Username: john.doe
Account Enabled: Yes
Authentication: SSH Key or Password
SSH Lockout: No (0)
M: Manage SSH Keys
L: Reset SSH Lockout
P: Reset/Enable Password (Randomized)
K: Disable Password Access
E: Enable Account
D: Disable Account
X: Delete User
R: Return to previous menu
------------------------------------------------------
- Enter K and follow the prompts to disable password access for the user. View screen
------------------------------------------------------
>>> User Administration -> System Users -> Manage -> User <<<
Username: john.doe
Account Enabled: Yes
Authentication: SSH Key or Password
SSH Lockout: No (0)
M: Manage SSH Keys
L: Reset SSH Lockout
P: Reset/Enable Password (Randomized)
K: Disable Password Access
E: Enable Account
D: Disable Account
X: Delete User
R: Return to previous menu
------------------------------------------------------
TanOS Version: 1.6.0
TanOS_Shell Version: 1.6.0
Please select: k
Disabling the password for an account means that
1. The user can only log in via SSH (not a serial console or equivalent)
2. The user can only log in using the configured SSH private key
3. The user will not need to change their password periodically
This operation can be reversed by setting a password again.
Do you want to disable password access for john.doe? [Yes|No]: yes
Successfully removed the password.
Press enter to continue
Enable password access
Password access is enabled by default. If you disable password access for a user and want to re-enable password access, perform the following steps.
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter A to go to the System Users menu. View screen
------------------------------------------------------
>>> User Administration -> System Users <<<
System users can login to monitor the appliance
or perform administrative tasks.
1: Add System User
2: Manage System User(s)
A: View Last 20 Successful Logins
B: View Last 20 Failed Logins
C: View Login Statistics
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 2 to manage the system users. View screen
------------------------------------------------------
>>> User Administration -> System Users -> Manage <<<
#: User ID Role Locked Name
1: tanadmin tanadmin No (0) Tanium Privileged User
2: tanuser tanuser No (0) Tanium Restricted User
3: tancopy tanuser No (0) Tanium Copy User
4: john.doe tanadmin No (0) john doe
R: Return to previous menu
------------------------------------------------------
- Enter the line item of the user that you want to manage to display the User menu. View screen
------------------------------------------------------
>>> User Administration -> System Users -> Manage -> User <<<
Username: john.doe
Account Enabled: Yes
Authentication: SSH Key Only
SSH Lockout: No (0)
M: Manage SSH Keys
L: Reset SSH Lockout
P: Reset/Enable Password (Randomized)
K: Disable Password Access
E: Enable Account
D: Disable Account
X: Delete User
R: Return to previous menu
------------------------------------------------------
- Enter P to enable password access.
Manage system users
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter A to go to the System Users menu. View screen
------------------------------------------------------
>>> User Administration -> System Users <<<
System users can login to monitor the appliance
or perform administrative tasks.
1: Add System User
2: Manage System User(s)
A: View Last 20 Successful Logins
B: View Last 20 Failed Logins
C: View Login Statistics
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 2 to manage the system users. View screen
------------------------------------------------------
>>> User Administration -> System Users -> Manage <<<
#: User ID Role Locked Name
1: tanadmin tanadmin No (0) Tanium Privileged User
2: tanuser tanuser No (0) Tanium Restricted User
3: tancopy tanuser No (0) Tanium Copy User
4: john.doe tanadmin No (0) john doe
R: Return to previous menu
------------------------------------------------------
- Enter the line item of the user that you want to manage to display the User menu. View screen
------------------------------------------------------
>>> User Administration -> System Users -> Manage -> User <<<
Username: john.doe
Account Enabled: Yes
Authentication: SSH Key or Password
SSH Lockout: No (0)
M: Manage SSH Keys
L: Reset SSH Lockout
P: Reset/Enable Password (Randomized)
K: Disable Password Access
E: Enable Account
D: Disable Account
X: Delete User
R: Return to previous menu
------------------------------------------------------
- Use the menu to delete the user, reset or enable the password, manage SSH keys, disable password access, or enable/disable the account.
View history of logins
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter A to go to the System Users menu. View screen
------------------------------------------------------
>>> User Administration -> System Users <<<
System users can login to monitor the appliance
or perform administrative tasks.
1: Add System User
2: Manage System User(s)
A: View Last 20 Successful Logins
B: View Last 20 Failed Logins
C: View Login Statistics
H: Help
R: Return to previous menu
------------------------------------------------------
- Use options A, B, and C to view the login history.
Configure the local authentication service
You can use the local authentication service to set up Tanium Console user accounts for demo or testing purposes.
Tanium recommends you configure the Tanium Console to use an external LDAP server to authenticate Tanium users. For details, see the Tanium Core Platform User Guide. Additionally, if you plan to use the local authentication service with the Tanium LDAP Sync connector, you must use the following user filter in the LDAP Sync Connector configuration:
(&(objectClass=person)(uidNumber>=20000))
The Local Authentication Service menu is available only after you install the Tanium Server role. It is not available when other roles are installed.
Add a local user
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter B to go to the Local Authentication menu. View screen
------------------------------------------------------
>>> Appliance User Administration -> Local Authentication <<<
Local Users can be used for Tanium application authentication.
1: Add Local User
2: Manage Local User(s)
A: Enable/Disable Local Authentication Service
B: Security Policy Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 1 and follow the prompts to add a local user. View screen
>>> Appliance User Administration -> Local Authentication -> Add Local User <<<
Adding a local user requires first name, last name and a user name.
Attention:
Please assign the new user appropriate roles and rights in the Tanium application!
Please enter first name: John
Please enter last name: Doe
Please enter desired user name (max 20 chars): john.doe
The password policy requires meeting these rules:
- Minimum 10 characters long
- At least 1 upper case character
- At least 1 lower case character
- At least 1 numeric character
- At least 1 other character
- Must not be based on a dictionary word
- Must not contain part of the username
Please enter password (will not be displayed):
Password score: 50 out of 100 (strong)
Please enter password again:
Successfully added user John Doe (username: john.doe) to the local authentication service.
Press enter to continue
Set a user password
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter B to go to the Local Authentication menu. View screen
------------------------------------------------------
>>> Appliance User Administration -> Local Authentication <<<
Local Users can be used for Tanium application authentication.
1: Add Local User
2: Manage Local User(s)
A: Enable/Disable Local Authentication Service
B: Security Policy Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 2 to display the Manage Local Users menu. View screen
------------------------------------------------------
>>> Appliance User Administration -> Local Authentication -> Manage Local User(s) <<<
The following local users currently exist:
#: User ID Locked Expired User Name
1: tanldap NO NO tanldap tanldap
2: tanium NO NO tanium tanium
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter the user line number to display the User menu. View screen
>>> Appliance User Administration -> Local Authentication -> Manage Local User(s) -> User <<<
UserID Name Lock Time Expiry Time (hh:mm:ss DD/MM/YYYY)
tanldap tanldap tanldap n/a n/a
1: Delete User
2: Set Password
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 2 and follow the prompts to set the user password. View screen
>>> Appliance User Administration -> Local Authentication -> Manage Local User(s) -> User <<<
UserID Name Lock Time Expiry Time (hh:mm:ss DD/MM/YYYY)
tanldap tanldap tanldap n/a n/a
1: Delete User
2: Set Password
H: Help
R: Return to previous menu
------------------------------------------------------
TanOS Version: 1.6.0
TanOS_Shell Version: 1.6.0
Please select: 2
Setting new password for tanldap
The password policy requires meeting these rules:
- Minimum 10 characters long
- At least 1 upper case character
- At least 1 lower case character
- At least 1 numeric character
- At least 1 other character
- Must not be based on a dictionary word
- Must not contain part of the username
Please enter password (will not be displayed):
Delete a user
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter B to go to the Local Authentication menu. View screen
------------------------------------------------------
>>> Appliance User Administration -> Local Authentication <<<
Local Users can be used for Tanium application authentication.
1: Add Local User
2: Manage Local User(s)
A: Enable/Disable Local Authentication Service
B: Security Policy Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 2 and to display the Manage Local Users menu. View screen
------------------------------------------------------
>>> Appliance User Administration -> Local Authentication -> Manage Local User(s) <<<
The following local users currently exist:
#: User ID Locked Expired User Name
1: tanldap NO NO tanldap tanldap
2: tanium NO NO tanium tanium
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter the user line number to display the User menu. View screen
>>> Appliance User Administration -> Local Authentication -> Manage Local User(s) -> User <<<
UserID Name Lock Time Expiry Time (hh:mm:ss DD/MM/YYYY)
john.doe John Doe n/a n/a
1: Delete User
2: Set Password
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 1 and follow the prompts to delete the user.
Disable the local authentication service
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter B to go to the Local Authentication menu. View screen
------------------------------------------------------
>>> Appliance User Administration -> Local Authentication <<<
Local Users can be used for Tanium application authentication.
1: Add Local User
2: Manage Local User(s)
A: Enable/Disable Local Authentication Service
B: Security Policy Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter A and follow the prompts to enable or disable the local authentication service. View screen
>>> Appliance User Administration -> Local Authentication -> Enable/Disable Local Authentication <<<
Current status of the Local Authentication Service:
Enabled
Active
Warning: make sure that you have configured the Tanium application to use an
external authentication service prior disabling the local authentication service!
Would you like to disable the Local Authentication Service? [Yes|No]: yes
Disabling Local Authentication Service
Local Authentication Service has been disabled.
Press enter to continue
Although the Tanium Console contains a soap_enable_local_auth global setting to disable local authentication, that setting is not supported for Tanium Appliance installations.
Modify the local authentication service security policy
The local authentication service security policy has the following default settings.
| Password Minimum Age (days) |
1 |
The minimum number of days between password changes.
A value of 0 indicates the password can be changed at any time. Valid range is 0-20. |
| Password Maximum Age (days) |
90 |
The age at which a current password expires. A value of 0 indicates the password does not expire. Valid range is 0-360. |
| Password Minimum Length |
10 |
The minimum number of characters allowed in a password. Valid range is 0-30.
|
| Password History |
5 |
The number of most recent passwords that a user cannot reuse. A setting of 0 allows reuse of any previous passwords. Valid range is 0-10.
|
| Password Lockout |
True |
True locks out a user with an expired password. False forces the user to change the password. |
| Password Maximum Failure |
5 |
The number of failed attempts before a user is locked out. A setting of 0 allows unlimited failed attempts. Valid range is 0-10.
|
To modify the default settings:
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu. View screen
------------------------------------------------------
>>> User Administration <<<
1: Restricted User (tanuser) Password Reset
2: Factory-Reset User (tanfactory) Password Reset
3: SSH Key Management
A: System User Management
B: Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter B to go to the Local Authentication menu. View screen
------------------------------------------------------
>>> Appliance User Administration -> Local Authentication <<<
Local Users can be used for Tanium application authentication.
1: Add Local User
2: Manage Local User(s)
A: Enable/Disable Local Authentication Service
B: Security Policy Local Authentication Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter B to go to the Security Policy Local Authentication Service menu. View screen
------------------------------------------------------
>>> Appliance User Administration -> Local Authentication -> Security Policy Local Authentication Service <<<
Current Security Policy:
Password Minimum Age (days): 1
Password Maximum Age (days): 90
Password Minimum Length: 10
Password History: 5
Password Lockout: TRUE
Password Maximum Failure: 5
Would you like to change the security policy? [Yes|No]:
- Follow the prompts to modify the settings.
Enable tanremote user
The tanremote user can log into the iDRAC virtual console to diagnose hardware and network interface issues in the event the TanOS system becomes unavailable. The tanremote user is not a TanOS user or a Tanium Console user.
Before you begin
You must use a cable to connect the iDRAC interface to your network and use TanOS to configure the iDRAC interface IP address before you enable the tanremote user. See Configure the iDRAC interface.
Enable the tanremote user
- Log into the TanOS console as a user with the tanadmin role.
- Enter C to go to the User Administration menu.
- Enter X to go to the Advanced User menu. View screen
------------------------------------------------------
>>> Appliance User Administration -> Advanced User Menu <<<
iDRAC user Tanremote is only available via the iDRAC interface.
Currently Tanremote user is
1: Change Tanremote Password
2: Enable/Disable Tanremote User
3: Close all iDRAC sessions
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 1 and use the Password Change menu to change the password of the tanremote user. Do this first, even though the user is disabled. View screen
>>> Appliance User Administration -> iDRAC User -> Password Change <<<
This will change the iDRAC user Tanremote password.
Access to the iDRAC is via the specific iDRAC IP.
Would you like to change the tanremote password? [YES/NO]: yes
The password policy requires meeting these rules:
- Minimum 10 characters long
- At least 1 upper case character
- At least 1 lower case character
- At least 1 numeric character
- At least 1 other character
- Must not be based on a dictionary word
- Must not contain part of the username
Please enter password (will not be displayed):
- Enter 2 and follow the prompts to enable the tanremote user. View screen
>>> Appliance User Administration -> iDRAC Users -> Enable/Disable User <<<
Currently Tanremote user is Disabled
Do you want to Enable the Tanremote user ? [YES/NO]:yes
Changing Tanremote status, this may take a few seconds please wait
Successfully enabled Tanremote user
Press enter to continue:
Access the iDRAC virtual console
You can access the iDRAC virtual console at http://<iDRAC interface IP address>. Login in with username tanremote and the password that was set with this procedure.
