Cisco Cisco Expressway Maintenance Manual
2.
Type the command passwd.
You will be asked for the new password.
You will be asked for the new password.
3.
Enter the new password and when prompted, retype the password.
4.
Type exit to log out of the root account.
Accessing the Root Account Over SSH
The root account can be accessed over a serial connection or SSH only.
To enable and disable access to the root account using SSH:
1.
Log in to the Expressway as root.
2.
Type one of the following commands:
—
rootaccess --ssh on
to enable access using SSH
—
rootaccess --ssh off
to disable access using SSH
3.
Type exit to log out of the root account.
If you have disabled SSH access while logged in using SSH, your current session will remain active until you log out,
but all future SSH access will be denied.
but all future SSH access will be denied.
Managing SSO tokens
Go to Users > SSO token holders to view the list of users who currently hold SSO tokens. This page can help you
troubleshoot issues related to single sign-on for a particular user.
troubleshoot issues related to single sign-on for a particular user.
You can also use this page to Purge tokens from all holders. This option is probably disruptive for your users so make
sure you need it before you proceed. You may need it, for example, if you know your security is compromised, or if you
are upgrading internal or edge infrastructure.
sure you need it before you proceed. You may need it, for example, if you know your security is compromised, or if you
are upgrading internal or edge infrastructure.
To manage the tokens of a particular user:
1.
[Optional] Filter by a substring of the username to return a smaller list.
You may need this if there are many usernames in the list, because a long list spans multiple pages of up to
200 usernames each.
200 usernames each.
2.
Click a username to see the detail of the tokens held by that user.
The SSO tokens for user <Username> page appears, listing details of the tokens issued to that user. The
details include the token issuer and expiry.
details include the token issuer and expiry.
3.
[Optional] Click Delete these tokens if you want the user's identity to be confirmed before they continue to
access the UC services.
access the UC services.
The next time the user's client attempts to access UC services via this Expressway-C, the client will be
redirected to the IdP with a new, signed request. The user may need to reauthenticate at the IdP, so that it can
assert their identity to the Expressway-C. The user can then be issued with new tokens where authorized.
redirected to the IdP with a new, signed request. The user may need to reauthenticate at the IdP, so that it can
assert their identity to the Expressway-C. The user can then be issued with new tokens where authorized.
247
Cisco Expressway Administrator Guide
User Accounts