For a deeper look into our Elektron API, look into:
Overview | Quickstart | Documentation | Downloads | Tutorials | Articles
In the LPC 1.4 install guide, page 8, section 2.3.2.1, it says:
To perform root-less execution, your system admin must create an account called ‘radmin’ with user ID 500, group ID 500, and a home directory.
We are already using a non-root user to run the 1.2 lpc client. Is there a reason why we can’t continue to use that same user with the 1.4 client? I would think that as long as we configure the directory permissions correctly, we could continue to use the existing id.
Hello @shawn bower
Thank you for your participation in the forum. Is the reply below satisfactory in resolving your query?
If so please can you click the 'Accept' text next to the appropriate reply? This will guide all community members who have a similar question.
Thanks,
AHS
Hello.
LPC 1.4 performs encrypted internet connections using the "new" authentication system. This system has 2 methods for access: (1) STS tokens using a "client secret" (aka password) or (2) STS tokens using JWT. For JWT configurations, the LPC requires customer data to be present on the systems. For security, LPC encrypts the customer data files and uses the non-root account "radmin" with certain directory permissions.
LPC 1.4 has not been tested using accounts other than 'root' or 'radmin'. Any attempt to use accounts other than 'root' or 'radmin' is non-standard and thus not supported. Having said this, it is possible that LPC 1.4 may function with another non-root account using the (1) STS token with "client secret". This mode for LPC 1.4 has similar behaviors to LPC 1.2 and may work with a different non-root account.
However, I would steer clear away from using a different non-root account if using LPC 1.4 with JWT functionality. The installation scripts use 'radmin' and expect to use that account. If the non-root account isn't provisioned properly, LPC 1.4 won't function correctly.
We currently use "client secret" with the 1.2 LPC and we plan to continue to use "client secret" with the 1.4 version.
