
Chapter 15. Deleting the Bootstrap User


Important

Before you delete the bootstrap user, create a real PKI administrative user as described in Chapter 14, Creating a Role User.
To delete the bootstrap user, follow the procedure described in the Deleting a Certificate System User section in the Red Hat Certificate System Administration Guide (Common Criteria Edition).

15.1. Disabling Multi-roles Support

By default, users can belong to more than one subsystem group at once, which allows a user to act in more than one role. For example, John Smith could belong to both an agent and an administrator group. However, for highly secure environments, the subsystem roles should be restricted so that a user can only belong to one role. This can be done by disabling the multirole attribute in the instance's configuration.
For all subsystems:
  1. Stop the server:
    systemctl stop pki-tomcatd@instance_name.service
    OR
    systemctl stop pki-tomcatd-nuxwdog@instance_name.service (if using nuxwdog watchdog)
  2. Open the CS.cfg file:
    vim /var/lib/pki/instance_name/ca/conf/CS.cfg
  3. Change the multiroles.enable parameter value from true to false.
  4. Add or edit the list of default roles in Certificate System that are affected by the multi-roles setting. If multi-roles is disabled and a user belongs to one of the roles listed in the multiroles.false.groupEnforceList parameter, then the user cannot be added to any group for any of the other roles in the list.
    multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Key Recovery Authority Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group
  5. Restart the server:
    systemctl start pki-tomcatd@instance_name.service
    OR
    systemctl start pki-tomcatd-nuxwdog@instance_name.service (if using nuxwdog watchdog)
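
To verify the edits from steps 3 and 4, the following added example (not part of the Red Hat documentation) reads a CS.cfg file, confirms that multi-roles is disabled with an enforce list present, and counts how many of a user's groups fall inside that list. The function names, the comma-separated group input and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the multi-roles settings in a CS.cfg file.

# Print the value of KEY from a key=value file.
# If the key is repeated, this script reports the last occurrence (assumption).
cfg_get() {  # usage: cfg_get FILE KEY
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$1"
}

# Return 0 only when multi-roles is disabled and an enforce list is set.
check_multiroles() {  # usage: check_multiroles FILE
    enable=$(cfg_get "$1" multiroles.enable)
    list=$(cfg_get "$1" multiroles.false.groupEnforceList)
    [ "$enable" = "false" ] || {
        echo "FAIL: multiroles.enable=${enable:-<unset>}"; return 1; }
    [ -n "$list" ] || {
        echo "FAIL: multiroles.false.groupEnforceList is empty"; return 1; }
    echo "OK: multi-roles disabled, enforce list present"
}

# Count how many of a user's groups (comma-separated) are in the enforce list.
# A result above 1 means the user holds more than one restricted role.
enforced_count() {  # usage: enforced_count FILE "Group A,Group B"
    list=$(cfg_get "$1" multiroles.false.groupEnforceList)
    printf '%s\n' "$2" | tr ',' '\n' | awk -v list="$list" '
        BEGIN { n = split(list, a, ","); for (i = 1; i <= n; i++) enforced[a[i]] = 1 }
        ($0 in enforced) { c++ }
        END { print c + 0 }'
}

# Constructed sample: a CS.cfg fragment as it looks before step 3 is applied.
sample=$(mktemp)
printf '%s\n' \
    'multiroles.enable=true' \
    'multiroles.false.groupEnforceList=Administrators,Auditors,Certificate Manager Agents' \
    > "$sample"
check_multiroles "$sample" || true
enforced_count "$sample" "Administrators,Auditors"
rm -f "$sample"
```

Against a real instance, pass the CS.cfg path from step 2 to check_multiroles in place of the sample file.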