Adding a user

To add another user, add a new row beginning with “User” which complies with the following pattern:

User<Number>=<PASSWORD-TYPE>:<USERNAME>:<PASSWORD>:<ROLE>

Instead of the placeholders use the according values, which are explained below:

Role

Description

<Number>

An integer counter starting with 1. Increase this by 1 for each new user entry.

<PASSWORD-TYPE>

PLAIN or MD5 or BCRYPT(since 9.11.2)
(determines how the <PASSWORD> entry is interpreted)

<USERNAME>

The login name of the user for basic access authentication at the REST endpoint.

<PASSWORD>

Depending on <PASSWORD-TYPE> provide a plain or an MD5 password.

In a plain password no colon “:” is supported!

<ROLE>

See Scheduler configuration – user roles

Table 81: Scheduler configuration – user authorization string

The following user roles are available, which provide different sets of permissions:

Role

Description

NONE

Role without permissions

READ

Provides the read permission to the monitoring functions

OPERATOR

Provides permissions to create, pause, and start jobs (includes READ)

ADMIN

Provides the permission to shut down the Scheduler (includes READ + OPERATOR)

Table 82: Scheduler configuration – user roles

Encrypting a plaintext password with an MD5 hash

An MD5 password hash can be generated with the following command in Linux:

echo -n SomePassword | md5sum

Encrypting a plaintext password with a BCRYPT hash

Before release 9.13.1, a BCRYPT password hash can be generated with the following script (in Linux):

./genhash.sh SomePassword

The script is provided in the coldscheduler assembly subdirectory “/bin” (since 9.11.2).

Starting from ImageMaster 9.13.1, the following encryption options are supported by “monitor.sh”:

  • for a BCRYPT hash use option “-b” or “--bcrypt
  • for an AES encrypted password with key size 256 use option “-e” or “--encrypt

Also see Command Line Monitor.

Example configuration entries in properties file

A user entry corresponds to the following pattern:

User<Number>=<PASSWORD-TYPE>:<USERNAME>:<PASSWORD>:<ROLE>

Based on this pattern, example entries for users in ColdScheduler.properties are illustrated below. In this example for each user (here with the names “guest”, “operator” and “admin”) a different password type is used:

User1=PLAIN:guest:guest123Xy:READ
User2=MD5:operator:5f4dcc3b5aa765d61d8327deb882cf99:OPERATOR
User3=BCRYPT:admin:$2a$04$faKTk9ds8L46WrhBiT8LC.vQaPsOL0Zs6tsX7tHSR47lZTpe0wdKi:ADMIN
DefaultUserRole=NONE