Manage users and profiles

tawonctl can help manage Tawon’s authentication and authorization system. It also supports multiple profiles, for easy switching between Controllers and user accounts.

Logging in

To log into the Tawon Controller run:

tawonctl login

You will be asked the address of the Controller (including the scheme, http or http), your username and password.

If you are the first user connecting to the Controller, you will create the first Admin user instead of logging in. You will be asked a Full Name on top of you username and password.

Logout

To log out of the current Session (and delete the corresponding profile, see below), use:

tawonctl logout

If you wish to delete all Session for the current user, add --all:

tawonctl logout --all

If you are an Admin user, you can delete all Sessions of another user by specifying their username:

tawonctl logout --all --username birgitstahl

You can only delete all Sessions for another user.

Profiles

As you log into the Controller a local profile (on the machine where you are calling tawonctl from) will be saved in your preferences directory.

Subsequent logins will create new profiles. The latest login will make that profile current. You can list profiles with:

tawonctl profiles

You can switch between profiles by passing the number of the profile (list with the command above):

tawonctl profiles set 1

You can delete a profile with (you can also use logout, see above):

tawonctl profiles rm 0

You can open the profiles configuration file with:

tawonctl profiles open

Users

Creating a new User

Only Admin users can create, delete, or password reset users.

To create a new user, run:

tawonctl users create

You will be asked for their username, full name, and role.

The user will then have to set their password on their first login attempt within the max reset duration, which is 24 hours by default, and can be configured with the --auth.reset flag on the Controller (e.g. --auth.reset 1h or --auth.reset 10m)

Removing a User

Users are not permanently removed but their account is disabled with:

tawonctl users rm joeb

They will no longer be able to log in or use the API.

Updating a User

Users can update their own account with:

tawonctl users update

An interactive shell will allow them to change their Name.

Admins can update another user, by entering another username, and can then change the user’s Role.

Password update

A user can update their password by calling:

tawonctl users pwupdate

Password reset

If a user has forgotten their password, an admin can reset their password with:

tawonctl users pwreset