Chapter 6. Managing user accounts in the web console

The RHEL web console offers an interface for adding, editing, and removing system user accounts.

After reading this section, you will know:

  • From where the existing accounts come from.
  • How to add new accounts.
  • How to set password expiration.
  • How and when to terminate user sessions.

Prerequisites

6.1. System user accounts managed in the web console

With user accounts displayed in the RHEL web console you can:

  • Authenticate users when accessing the system.
  • Set the access rights to the system.

The RHEL web console displays all user accounts located in the system. Therefore, you can see at least one user account just after the first login to the web console.

After logging into the RHEL web console, you can perform the following operations:

  • Create new users accounts.
  • Change their parameters.
  • Lock accounts.
  • Terminate user sessions.

6.2. Adding new accounts using the web console

Use the following steps for adding user accounts to the system and setting administration rights to the accounts through the RHEL web console.

Prerequisites

Procedure

  1. Log in to the RHEL web console.
  2. Click Accounts.
  3. Click Create New Account.

  4. In the Full Name field, enter the full name of the user.

    The RHEL web console automatically suggests a user name from the full name and fills it in the User Name field. If you do not want to use the original naming convention consisting of the first letter of the first name and the whole surname, update the suggestion.

  5. In the Password/Confirm fields, enter the password and retype it for verification that your password is correct.

    The color bar below the fields shows you the security level of the entered password, which does not allow you to create a user with a weak password.

  6. Click Create to save the settings and close the dialog box.
  7. Select the newly created account.

  8. In the Groups drop down menu, select the groups that you want to add to the new account.

    cockpit accounts new user

    Now you can see the new account in the Accounts settings and you can use its credentials to connect to the system.

6.3. Enforcing password expiration in the web console

By default, user accounts have set passwords to never expire. You can set system passwords to expire after a defined number of days. When the password expires, the next login attempt will prompt for a password change.

Procedure

  1. Log in to the RHEL 8 web console.
  2. Click Accounts.
  3. Select the user account for which you want to enforce password expiration.

  4. Click edit on the Password line.

    cockpit edit password change

  5. In the Password expiration dialog box, select Require password change every …​ days and enter a positive whole number representing the number of days after which the password expires.

  6. Click Change.

    The web console immediately shows the date of the future password change request on the Password line.

6.4. Terminating user sessions in the web console

A user creates user sessions when logging into the system. Terminating user sessions means to log the user out from the system. It can be helpful if you need to perform administrative tasks sensitive to configuration changes, for example, system upgrades.

In each user account in the RHEL 8web console, you can terminate all sessions for the account except for the web console session you are currently using. This prevents you from loosing access to your system.

Procedure

  1. Log in to the RHEL 8 web console.
  2. Click Accounts.
  3. Click the user account for which you want to terminate the session.

  4. Click Terminate Session.

    If the Terminate Session button is inactive, the user is not logged in to the system.

    The RHEL web console terminates the sessions.