the-bastion/doc/sphinx-plugins-override/accountInfo.rst

72 lines
2.5 KiB
ReStructuredText
Raw Normal View History

Usage examples
==============
Show info about a specific account::
--osh accountInfo --account jdoe12
Gather info about all accounts, with no extra data except their egress keys::
--osh accountInfo --all --without-everything --with-egress-keys --json
Gather info about all accounts, including all extra data (and possibly future options)::
--osh accountInfo --all --with-everything --json
2020-10-16 00:32:37 +08:00
Output example
==============
::
│ user1 is a bastion admin
│ user1 is a bastion superowner
│ user1 is a bastion auditor
│ user1 has access to the following restricted commands:
│ - accountCreate
│ - accountDelete
│ - groupCreate
│ - groupDelete
│ This account is part of the following groups:
│ testgroup1 Owner GateKeeper ACLKeeper Member -
│ gatekeeper-grp2 Owner GateKeeper - - -
│ This account is active
│ This account has no TTL set
│ This account is not frozen
│ This account has seen recent-enough activity to not be activity-expired
│ As a consequence, this account can connect to this bastion
│ Last seen on Thu 2023-03-16 07:51:49 UTC (00:00:00 ago)
│ Created on Fri 2022-06-17 09:52:50 UTC (271d+21:58:59 ago)
│ Created by jdoe
│ Created using The Bastion v3.08.01
│ Account egress SSH config:
│ - (default)
│ PIV-enforced policy for ingress keys on this account is enabled
│ Account Multi-Factor Authentication status:
│ - Additional password authentication is not required for this account
│ - Additional password authentication bypass is disabled for this account
│ - Additional password authentication is enabled and active
│ - Additional TOTP authentication is not required for this account
│ - Additional TOTP authentication bypass is disabled for this account
│ - Additional TOTP authentication is disabled
│ - PAM authentication bypass is disabled
│ - Optional public key authentication is disabled
│ - MFA policy on personal accesses (using personal keys) on egress side is: password
│ - Account is immune to idle counter-measures: no
│ - Maximum number of days of inactivity before account is disabled: (default)
│ Account PAM UNIX password information (used for password MFA):
│ - Password is set
│ - Password was last changed on 2023-01-27
│ - Password must be changed every 90 days at least
│ - A warning is displayed 75 days before expiration
│ - Account will not be disabled after password expiration