Multiple admin accounts

I want to have 2 admins on the same SurgeMail server, but I
cannot 
figure out how to give them separate usernames and
passwords.

Currently the 2 admins share the same un/pw.

Is it possible to have more than 1? How do I set it up?

Just to be perfectly clear - both admins need to be able to
log in 
through the Admin GUI and have access to all settings.

-- 
Neil Herber
Corporate info at http://www.eton.ca/

On 11-Jan-08, at 10:27 AM, Neil Herber (nospam) wrote:

> I want to have 2 admins on the same SurgeMail server,
but I cannot  
> figure out how to give them separate usernames and
passwords.
>
> Currently the 2 admins share the same un/pw.
>
> Is it possible to have more than 1? How do I set it
up?
>
> Just to be perfectly clear - both admins need to be
able to log in  
> through the Admin GUI and have access to all settings.
This is a feature that could be used to more securely fire
one of the  
admins 

I am not sure that Surgemail would update one admin screen
if another  
changed a parameter, so multiple writers would be an issue
to deal  
with by separation of access to domains or in time.  These
concerns  
are no different than 2 people using same password at same
time, which  
you apparently can live with.

A possibility would be to proxy the access though an Apache
access URL  
with a different user/pass for each. The true admin
interface would  
then be restricted to the apache machine only. I guess the
trick is to  
get each admin to send in the md5 encoded password to be
separately  
merged in the access file. Securing that file from
modification by an  
admin with universal access is a tough one. If the apache
access was  
done by a third party admin, it would be feasible.

There seems to be a UI cookie that controls the left menu
collapse  
state for a user that is pretty harmless.

Tellmail is another system level access that would need
possible  
separate terminal login passwords.

But the real question is why?  Would you not prefer an
OpenID single  
sign on or something like that?

Steve Hume

On 2008-01-11 Steve Hume is rumoured to have said:
> > Just to be perfectly clear - both admins need to
be able to log in through the Admin GUI and have access to
all settings.
> This is a feature that could be used to more securely
fire one of the admins 
... snip
> 
> But the real question is why?  Would you not prefer an
OpenID single sign on or something like that? 

You more or less nailed the reason in your first line. We
would like to 
be able to assure "management" that changes made
by either admin can be 
attributed to them.

Also, "management" wants the be assured that any
admin assigned to 
SurgeMail can be de-authorized if their duties change.

An even bigger problem is that I can't figure out if there
is an "admin 
actions" log of any sort, so the attribution function
may be impossible. 
But being able to control admin access is still very
important.

Thanks for the proxying suggestion, but it is out of the
question on 
this install.

-- 
Neil Herber
Corporate info at http://www.eton.ca/

Yes you can have multiple top level server admin accounts
defined.

Just add them using "./surgemail -password"
command. 

Marijn

--------------------------------------------------
From: "Neil Herber (nospam)" <nospameton.ca>
Sent: Saturday, January 12, 2008 4:27 AM
To: <surgemail-listnetwinsite.com>
Subject: [SurgeMail List] Multiple admin accounts

> I want to have 2 admins on the same SurgeMail server,
but I cannot 
> figure out how to give them separate usernames and
passwords.
> 
> Currently the 2 admins share the same un/pw.
> 
> Is it possible to have more than 1? How do I set it
up?
> 
> Just to be perfectly clear - both admins need to be
able to log in 
> through the Admin GUI and have access to all settings.
> 
> -- 
> Neil Herber
> Corporate info at http://www.eton.ca/
> 
> 

Thanks Marijn, this works just fine! Two supplementary
questions:

1) Is there a SM log that show admin activity? Logons at
least?
2) Is there a way to logoff from the admin web GUI?

Neil

Surgemail Support (Marijn) wrote:
> Yes you can have multiple top level server admin
accounts defined.
> 
> Just add them using "./surgemail -password"
command.
> Marijn
> 
> --------------------------------------------------
> From: "Neil Herber (nospam)" <nospameton.ca>
> Sent: Saturday, January 12, 2008 4:27 AM
> To: <surgemail-listnetwinsite.com>
> Subject: [SurgeMail List] Multiple admin accounts
> 
>> I want to have 2 admins on the same SurgeMail
server, but I cannot 
>> figure out how to give them separate usernames and
passwords.
>>
>> Currently the 2 admins share the same un/pw.
>>
>> Is it possible to have more than 1? How do I set it
up?
>>
>> Just to be perfectly clear - both admins need to be
able to log in 
>> through the Admin GUI and have access to all
settings.
>>
>> -- 
>> Neil Herber
>> Corporate info at http://www.eton.ca/
>>
>>
> 
> 


-- 
Neil Herber
Corporate info at http://www.eton.ca/

Well the sessions don't really get logged on and off as
such. It uses 
standard stateless realm based http authentication
information, which is 
optionally stored by the browser. The server has no way of
logging this out 
and has no control over whether this authentication
information gets stored 
by the browser or not.

> 1) Is there a SM log that show admin activity? Logons
at least?
> 2) Is there a way to logoff from the admin web GUI?

No sorry as there is no real concept session concept. The
user.cgi session 
as shown on the status - web sessions pane does however log
admin login _ ip 
address combinations as a "session". And when one
of these it created it is 
logged to mail.log as:

14 14:28:16.34:Info:4916: NETAUTH: Login info added for 
(admin;127.0.0.10;7026)

Marijn






--------------------------------------------------
From: "Neil Herber (nospam)" <nospameton.ca>
Sent: Monday, January 14, 2008 1:23 PM
To: <surgemail-listnetwinsite.com>
Subject: Re: [SurgeMail List] Multiple admin accounts

> Thanks Marijn, this works just fine! Two supplementary
questions:
>
> 1) Is there a SM log that show admin activity? Logons
at least?
> 2) Is there a way to logoff from the admin web GUI?
>
> Neil
>
> Surgemail Support (Marijn) wrote:
>> Yes you can have multiple top level server admin
accounts defined.
>>
>> Just add them using "./surgemail
-password" command.
>> Marijn
>>
>> --------------------------------------------------
>> From: "Neil Herber (nospam)"
<nospameton.ca>
>> Sent: Saturday, January 12, 2008 4:27 AM
>> To: <surgemail-listnetwinsite.com>
>> Subject: [SurgeMail List] Multiple admin accounts
>>
>>> I want to have 2 admins on the same SurgeMail
server, but I cannot 
>>> figure out how to give them separate usernames
and passwords.
>>>
>>> Currently the 2 admins share the same un/pw.
>>>
>>> Is it possible to have more than 1? How do I
set it up?
>>>
>>> Just to be perfectly clear - both admins need
to be able to log in 
>>> through the Admin GUI and have access to all
settings.
>>>
>>> -- 
>>> Neil Herber
>>> Corporate info at http://www.eton.ca/
>>>
>>>
>>
>>
>
>
> -- 
> Neil Herber
> Corporate info at http://www.eton.ca/
>
>