Accessing the Default Support User Account

In addition to the default CLI user administration account, a Solace PubSub+ appliance offers a default support user account to allow low-level troubleshooting of the event broker. Note that this functionality is applicable only to appliances, and not to Solace PubSub+ software event brokers.

To access the default support user account access through the Solace CLI, perform the following steps with a CLI user account with a global access level of admin:

  1. Enter the following command:
  2. solace# shell <reason>

    Where:

    reason is a descriptive reason for accessing the Solace PubSub+ software shell account. For example:

    solace# shell Descriptive_reason_to_control_access_to_supp_acct
  3. When prompted, enter the default support user account name. For example:
  4. login as: support
  5. When prompted, enter the default support user account password (the default support user password is “support”). For example:
  6. Password: support

    Once connectivity to the event broker is established, a prompt similar to the following appears:

    [support@solace24]$

You can also log on to the default support account directly from an SSH connection login prompt. However, this functionality can be disabled on the event broker (refer to Controlling Access to the Default Support User).

Changing the Default Support User Password

Solace recommends that a system administrator change the default password for the default support user account once the initial software configuration is completed.

The system administrator must securely track the new password for the default support user account as it is not possible to recover it without granting Solace physical access to the event broker.

To change the default support user account access through the Solace CLI, perform the following steps:

  1. Enter the following command:
  2. solace# shell <reason>

    Where:

    reason is a descriptive reason for accessing the Solace PubSub+ shell account.

  3. When prompted, enter the default support user account name (that is, support).
  4. When prompted, enter the default support user account password (the default support user password is support).
  5. Once connectivity to the event broker is established, a prompt similar to the following appears:

    [support@solace24]$
  6. At the support user prompt, enter the following command:
  7. [support@solace24]$ passwd
  8. When prompted, enter the current UNIX password for the default support user account.
  9. When prompted, enter a new UNIX password for the default support user account

Controlling Access to the Default Support User

By default, the default support user account is available directly from an SSH login prompt. However, to ensure that the event broker authenticates users as valid CLI users before they login to the default support user account, Solace recommends disallowing direct shell access. This will force users that want to access the default support user account to login using a valid CLI user account with a Global admin access level.

In cases when you attempt to login as admin and the software does not come up, you are still permitted to log in to the default support user account. This is permitted for debugging purposes.

To control access to the default support user account, enter the following CONFIG commands (a global admin access level is required):

solace(configure)# authentication 
solace(configure/authentication)# no allow-direct-shell-login support