Recent disruptions to two undersea internet cables in the Baltic Sea have yet again...
3.1.7 Using the IRP management tool for token management
The IRP Management Tool (Irpmng) provides comprehensive options for managing GMI tokens, ensuring flexibility and control over token lifecycle and access rights.
- Addition: This feature enables the generation of new GMI tokens. It’s useful when new instances need to be registered or additional access needs to be granted.
- Modification: This allows for adjustments to be made to existing GMI tokens. Modifications can include changes to the token’s privilege level or its active state, accommodating evolving security requirements or operational changes.
- Deletion: To maintain optimal security and organization, outdated or unnecessary GMI tokens can be removed from the system. Regularly pruning tokens reduces potential attack vectors and keeps the token inventory manageable.
- Viewing: Users have the capability to inspect the details of existing GMI tokens. Information such as token short names, privilege levels, associated GMI UIDs, and the last access timestamp can be reviewed. This is crucial for auditing and tracking token usage.
The general syntax for executing commands related to GMI token management using the Irpmng module is as follows:
# irpmng gmi <command> <options> COMMAND: add - Adds a new token with specified parameters del - Provides delete operation list - List all existing tokens and their properties set - Patches specific token properties for the given GMI UID show - Displays a token in vertically formatted form for the given GMI UID help - print help information OPTIONS: -t, --token <token> - Desired token value -s, --shortname <shortname> - Desired token shortname -u, --uid <gmi_uid> - GMI unique identifier (UID) -a, --admin <admin> - Token administrative privileges [possible values: true, false] -e, --enabled <enabled> - Token status enabled or disabled [possible values: true, false]
# irpmng gmi add --token <TOKEN> --admin=true --uid <GMIUID> GMI token IRP[1] has been added as: Admin, Enabled Write down the token value as it cannot be retrieved later: ef4c474e3d0676d0de0fb584d3e9bc87784285483df9094d75bb555e6c82f093
Remove a GMI token: #
Deleting a GMI token will result in all data being lost including per-user settings, access tokens and notification subscriptions# irpmng gmi del <GMIUID> NOTE: The operation is irreversible. GMI token removal will remove all the user tokens created by that GMI instance Do you want to delete token IRP[1] (Y/n)? GMI token IRP[1] has been deleted
# irpmng gmi show <GMIUID> Id: 1 Rights: Admin State: Enabled Last access time: - Shortname: IRP GMI UID: d5b457501d230523a8a466babeb8d67a
List GMI tokens: #
# irpmng gmi list Id | Rights | State | Last access time | Shortname 1 | Admin | Enabled | 2024-03-05 14:58:50 | IRP-America 2 | User | Disabled | | IRP-Europe
Set a GMI token: #
# irpmng gmi set <GMIUID> --admin false --enabled false GMI token IRP[1] has been changed admin rights revoked state changed to disabled
Additionally, for improved security, it’s advisable to let the system automatically generate the token. This method ensures the creation of robust, complex tokens less susceptible to compromise.
To facilitate user interaction with the IRP Management Tool, the command “irpmng gmi help” is available. Executing this command presents a detailed overview of all the commands and options within the tool, aiding users in effectively utilizing its features.
Leveraging these guidelines and the capabilities of the Irpmng tool, administrators can adeptly manage GMI tokens. This careful management contributes to secure and efficient access to the Global Management Interface, ensuring the integrity and security of IRP instance interactions.