CloudShark supports three different user models, each providing a distinct level of access:
- Guest access disabled: users must be logged in to upload and view capture files. By default guest access is disabled. Note that a guest is considered any visitor without a CloudShark user account. With guest access disabled, all users must log in to view or upload capture files.
- Guest access enabled, view only: guests are allowed to view capture files that have been made public by CloudShark users. In this mode guests are not allowed to upload capture files.
- Guest access enabled, view and upload: guests are allowed to upload capture files in addition to viewing capture files that have been made public by CloudShark users.
All non-guest users are authenticated against CloudShark’s local database or optionally against an external authentication server, as discussed in the next section.
CloudShark’s user and group management policy utilizes a hybrid of local and external authentication. The CloudShark user model supports local authentication using the CloudShark database or external authentication using network directory information services such as LDAP, ActiveDirectory, Kerberos, or Single Sign-On using SAML. CloudShark also maintains group membership locally or accesses group membership information using the same network directory information services.
Local and external authentication modes may be used simultaneously allowing some users to be local while others exist externally. By default external authentication is disabled. External authentication can be enabled system wide in the Authentication page of the Administration menu.
More information on configuring the CloudShark appliance for external user authentication can be found in the external authentication article.
Admin and Guest Users
The admin and guest users are special system user accounts that cannot be deleted. The admin user has full administrative control in CloudShark and can modify system wide preferences and all aspects of any file on the system. The admin user’s full name and password can be modified on the settings page of the Administration menu.
The guest user is a restricted, non-login account that is completely disabled by default. Guest access can be enabled by selecting the Guest Access: Allow visitors to view shared files without having to log-in option on the settings page in the Administration menu. When guest access is enabled, guest upload functionality can also be enabled. By default guests are not allowed to upload files to CloudShark. Selecting the Guest Upload: Allow guests to upload & view captures option on the settings page of the Administration menu enables guest upload functionality.
With guest access enabled, anonymous users are able to view and optionally upload files into CloudShark and access them in the decoder window. After a file is uploaded, the URL is listed. An anonymous user must retain this link, since only users with accounts may access the capture file index. When guest access is enabled, CloudShark users also have the option of making select capture files Public, which allows anonymous users to view the files without having to log in to the system.
Users can be created both manually by an administrator or automatically when external authentication is enabled and an external user logs in for the first time. To modify the default user settings click on the Edit User Defaults button on the Users page.
These settings will only be applied to new user accounts that are created. They will not be applied to any existing users.
The following user settings can have default values applied for newly created users:
New users can automatically be added to an existing group with specific sharing settings.html).
If Guest Access is enabled on the Administrator Settings page then a users uploads can also be shared publicly by default.
If User Quotas are enabled then a new user can also be created with a default quota. If no value is specified for the storage or upload limit then that type of quota will not be enabled.
User API Tokens
An API Token can also be automatically created when a new user is created.
First-Login “Splash Page”
When a user logs into CloudShark for the first time, they can be redirected to any URL the administrator chooses to show them. This may be useful for supplying additional instructions or tutorials, terms of service of the server, or a variety of other reasons.
The URL should include the scheme (http:// or https://) if you are redirecting the user to another server. Click on the “check url” link to make sure the redirection goes where you expect it to.