Can the consul user account created/used on the Data Aggregator (DA) be placed under a Password Manager?

[root@DataAggregator ~]# cat /etc/passwd | grep -i consul
consul:x: 4204:4207:consul:/home/consul:/bin/bash

DX NetOps CAPM all currently support releases

We now allow users in the latest releases to choose the DA and DAproxy user, and if that user is non-root, we use it for consul processes. So that OS account can use whatever password mechanism is required, meaning you should be able to manage it with PAM.

If running as root, then we run consul under the "consul" user account. It has NO password set by default, and you can't login to it either.

So while managing it with a Password Manager such as PAM (Privilege Access Manager) shouldn't be a problem, we advise that you should test it first in a development (non-production) environment as we have done no testing or Quality Assurance on this usage scenario.

You can only remove the "consul" OS user account if the consul process is running as the non-root user that DA or daproxy is running as. So DA or daproxy will have been installed using a non-root user account.

If the DA and /or daproxy is running as root, then we need consul running as the non-root "consul" account, and it cannot be removed.

If you wish to change DA or daproxy to run as non-root and set consul service to that same user so that the consul user can be removed, rerun DA or daproxy install over the top and enter a non-root service account when prompted for install user.