Cirro provides four account password combinations.
| Type | Description | Method |
|---|---|---|
| Standard | Standard user password. You can set your user security policy (SQL) with SQL commands. | password |
| One Time Password | Time-limited One Time Password generated with a system-issued QR code added to an Authenticator application such as Google Authenticator. | totp |
| Combined Standard password & one-time password | A combination of the above. | both |
| Two Factor Authentication | Can be applied to any combination of the above. The system uses either Duo or Saaspass to push a notification to the account holder's device (usually a smartphone or tablet). Two-Factor Authentication is set up with the ADD AUTHENTICATION SQL commands. | Duo (or) Saaspass |
- SSH to Cirro as root.
CREATE USER 'userName' IDENTIFIED BY 'password';
CREATE USER username; VALUES GENERATE_PASSWORD;
CREATE USER username IDENTIFIED BY 'password' EMAIL 'firstname.lastname@example.org' AUTHENTICATED BY method OPTIONS (SECRET 'HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ');
CREATE USER 'targetuser' LIKE 'sourceuser' WITHOUT options IDENTIFIED BY 'password' EMAIL 'email@example.com';
- 'userName': The name of the new user, enclosed in single quotes. userName is a case-sensitive VARCHAR(128) that complies with SQL username requirements and therefore does not include spaces or special characters.
- LIKE: Duplicates the roles and privileges of 'sourceuser' in the 'targetuser' account. Requires the COPY USER privilege. If used, this must precede any other commands.
- IDENTIFIED BY 'password': Sets the password used to access the account. Always enclose the password in single quotes.
- VALUES GENERATE_PASSWORD: Generates a random character password. See GENERATE_PASSWORD.
- EMAIL: The email address for the user account. Cirro sends this user a message containing any of: the password, a one-time password link to the QR code for Authenticator app setup, or a two-factor authentication link to Duo or Saaspass.
- AUTHENTICATED BY method: Sets the authentication method. Default is cirrootp (Cirro One-Time Password). Requires an email address so the user can receive account details.
- OPTIONS (SECRET 'HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ'): A 32-character, 160-bit number formatted using base 32. This is generated outside Cirro by the secure application of your choice.
- WITHOUT options: Excludes any of three options from a LIKE clause: DATABASE CREDENTIALS, ROLES or PRIVILEGES. WITHOUT must immediately follow the LIKE argument.
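The SECRET option must be produced outside Cirro. The following is an added example (not Cirro's own code) that generates a 160-bit base32 secret from the OS CSPRNG, checks the 32-character format, and computes the matching one-time code so the value can be compared with what the Authenticator app shows. It assumes cirrootp follows standard RFC 6238 TOTP (HMAC-SHA-1, 30-second step, 6 digits), which this page does not state; all function names are illustrative.

```python
import base64
import hashlib
import hmac
import secrets
import struct

BASE32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")


def generate_secret() -> str:
    """Fresh 160 bits from the OS CSPRNG as 32 base32 characters (one per account)."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")


def validate_secret(secret: str) -> bytes:
    """Check the 32-character / 160-bit base32 format and return the raw key."""
    if len(secret) != 32 or not set(secret) <= BASE32_ALPHABET:
        raise ValueError("secret must be 32 characters from A-Z and 2-7")
    return base64.b32decode(secret)  # 32 chars * 5 bits = 20 bytes, no padding


def totp(secret: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA-1; step and digits are assumed defaults."""
    key = validate_secret(secret)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def create_user_sql(user: str, password: str, email: str, secret: str) -> str:
    """Build the CREATE USER statement in the form this page documents."""
    validate_secret(secret)
    for value in (user, password, email):
        if "'" in value:  # refuse values that would break out of the quotes
            raise ValueError("single quote not allowed in a quoted value")
    return (f"CREATE USER '{user}' IDENTIFIED BY '{password}' EMAIL '{email}' "
            f"AUTHENTICATED BY cirrootp OPTIONS (SECRET '{secret}');")


if __name__ == "__main__":
    # Constructed sample values; the secret is generated fresh on every run.
    secret = generate_secret()
    print(create_user_sql("cirrouser", "constructed-Passw0rd", "user@example.com", secret))
```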
DROP USER userName;
- userName: The name of an existing user.
Account with standard password
CREATE USER cirrouser IDENTIFIED BY 'p@ssword';
Account with system generated password
CREATE USER cirrouser; VALUES GENERATE_PASSWORD;
This returns a value, for example:
Account with standard password, email address and Cirro one-time password
CREATE USER cirrouser IDENTIFIED BY 'password' EMAIL 'firstname.lastname@example.org' AUTHENTICATED BY cirrootp OPTIONS (SECRET 'HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ');
Account duplicating another, with standard password and email address but no privileges
CREATE USER 'wecoyote' LIKE 'rrunner' WITHOUT PRIVILEGES IDENTIFIED BY 'acme' EMAIL 'email@example.com';
DROP USER wecoyote;