This document describes how to configure impersonation using passwordless credentials to allow an agent user (for example,
ecbuild) on Ubuntu to
su to another user without a password.
The following procedures show how to configure passwordless credentials. In this example, the ElectricFlow agent runs under a user named
ecbuild, and the following procedures show how to allow this user to
su - testuser without a password.
Configuring the Agent Machine
Perform the following steps on each agent machine:
(Optional) If you do not want to use an existing group, create a group by entering
(Optional) If you do not want to use an existing user, create a user by entering
Make the password empty by entering
sudo passwd -d
For details, see “Can I set my user account to have no password?”
su -by adding the following two lines to the
/etc/pam.d/sufile just below the
auth [success=ignore default=1] pam_succeed_if.so user = testuser auth sufficient pam_succeed_if.so use_uid user = ecbuild
The first line ensures that the target user is
testuser. If it is, the next line takes
control and authorizes the
suif the calling user is
You can also restrict
suto a group. In the following example, the group
suwithout a password:
auth sufficient pam_succeed_if.so use_uid user ingroup allowedpeople
For details, see “Allow user1 to “su - user2” without password.”
Now you can run a procedure with credentials other than the
specifying a password for this user.
Adding a New Credential to a Project
Open a project in the Automation Platform and click the Credentials tab.
On the right side of the tab, click the Create Credential button.
The New Credential dialog box appears:
Fill in the fields. For example:
Note that you do not need to enter a password in this dialog box. The
credential name (the Name field) can be different than the user name.
Adding a New Credential to a Procedure
For every procedure that you want to run with the new credential:
Click the Use specific credential radio button.
Specify the Credential Name that you specified in the Name field above.
Running the Procedure to Test the Configuration
Click the Run button on the procedure to execute the procedure.
Check the Job Step Details >General tab for the job step that you just ran to ensure that the job was executed with the specified credential.