Working with local and remote users

You can create two categories of users that access the system. These types are based on how the users are authenticated to the system. Local users must provide the username and password, and if you require command line access without entering a password, a Secure Shell (SSH) key - or both. Local users are authenticated through the authentication methods that are located on the system.

If the local user needs access to management GUI, a password is needed for the user. Access to the command-line interface (CLI) is also possible with the same password or (alternatively) a valid SSH key can be used. An SSH password is required if a user is working with both interfaces. User groups define roles that authorize the users within that group to a specific set of operations on the system.

Local users must be part of a user group that is defined on the system.

A remote user is authenticated on a remote service that is provided by an LDAP server and does not need local authentication methods. The remote user does not need to be added to the list of users on the system. If the user requires command-line access without entering a password, the remote user can be added to the system and an SSH key can be specified for the user.

Remote users cannot access the system when the remote service is down. A local user account must be used until the remote service is restored. The user groups a remote user is a member of are defined by the remote authentication service. To define a remote user, create a user group on the local computer that is also defined on the remote authentication service.