9. Remove the admin user from the certadmin group.
10. Verify and apply the changes.
User Guide
>> User cert_admin#
Enter new passphrase:
Re-enter to confirm:
Passphrase changed.
Again, this step is only necessary if you want to fully separate the Certificate
Administrator user role from the Administrator user role. Note however, once the
admin user is removed from the certadmin group, only a user who is already a
member of the certadmin group can grant the admin user certadmin group
membership.
When the admin user is removed from the certadmin group, only the Certificate
Administrator user can access the Certificate menu (/cfg/cert).
edit admin
>> User#
groups/list
>> User admin#
1: tunnelguard
2: admin
3: oper
4: certadmin
del 4
>> Groups#
Note:
It is critical that a Certificate Administrator user is created and assigned certadmin
group membership before the admin user is removed from the certadmin group.
Otherwise there is no way to assign certadmin group membership to a new user,
or to restore certadmin group membership to the admin user, should it become
necessary.
list
>> Groups#
Old:
1: tunnelguard
2: admin
3: oper
4: certadmin
Pending:
1: tunnelguard
2: admin
3: oper
apply
>> Groups#
../caphrase
Adding a New User
April 2013
79