[root@xenserver /]# cd /etc/
[root@xenserver etc]# vi xapi_allow
root
admin1
admin2
admin3
[root@xenserver /]# cd /etc/pam.d/
[root@xenserver pam.d]# vi xapi
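#%PAM-1.0
# PAM stack for the xapi service. Only accounts named in /etc/xapi_allow
# (one user name per line) may authenticate to the management API.
auth required pam_env.so
# Allow-list gate. Module arguments are key=value with no spaces around "=".
# "required" means a user missing from the list is denied even if the password
# check below succeeds. onerr=fail states explicitly that a missing or
# unreadable list file denies the login. Keep the list root-owned and not
# writable by others (the page sets mode 600).
auth required pam_listfile.so item=user sense=allow file=/etc/xapi_allow onerr=fail
# NOTE(review): nullok lets an allow-listed account with an empty password log
# in. Confirm no listed account has an empty password, then consider dropping it.
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so
account required pam_unix.so
password required pam_cracklib.so try_first_pass retry=3
# NOTE(review): md5 stores newly set passwords as MD5-crypt hashes. If this
# host's pam_unix supports it, sha512 is the stronger choice - verify before
# changing, and note that existing hashes are only replaced on password change.
password sufficient pam_unix.so try_first_pass use_authtok nullok md5
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
# For the crond service, skip the next session module (success=1).
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so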
[root@xenserver /]# chmod 600 /etc/xapi_allow
[root@xenserver /]# xe pool-enable-external-auth auth-type=PAM service-name=pam
[root@xenserver /]# xe role-list
uuid ( RO ) : 7955168d-7bec-10ed-105f-c6a7e6e63249
name ( RO ) : vm-power-admin
description ( RO ) : snapshot features
uuid ( RO ) : aaa00ab5-7340-bfbc-0d1b-7cf342639a6e
name ( RO ) : vm-admin
description ( RO ) : VMs and templates
uuid ( RO ) : fb8d4ff9-310c-a959-0613-54101535d3d5
name ( RO ) : vm-operator
description ( RO ) : VM VMs can interact with VM consoles
uuid ( RO ) : 7233b8e3-eacb-d7da-2c95-f2e581cdbf4e
name ( RO ) : read-only
description ( RO ) :
uuid ( RO ) : b9ce9791-0604-50cd-0649-09b3284c7dfd
name ( RO ) : pool-operator
description ( RO ) : it is a pool and a wide range of resources, including a pool of resources and a workload balancing ( WLB )
uuid ( RO ) : 0165f154-ba3e-034e-6b27-5d271af109ba
name ( RO ) : pool-admin
description ( RO ) :
[root@xenserver /]# xe subject-add subject-name=admin1
932d3540-d08c-bbf8-adf8-03c0f9aaaf43
[root@xenserver /]# xe subject-list
uuid ( RO ) : 932d3540-d08c-bbf8-adf8-03c0f9aaaf43
subject-identifier ( RO ) : u501
other-config ( MRO ) : subject-name: admin1; subject-uid: u501; subject-gid: g501; subject-gecos :; subject-displayname: admin1; subject-is-group: false ; subject-account-disabled: false ; subject-account-expired: false ; subject-account-locked: false ; subject-password-expired: false
roles ( SRO ) : pool-admin
[root@xenserver /]# /etc/init.d/xapi stop
[root@xenserver /]# vi /var/xapi/state.db
other_config="(('subject-name' 'admin1') ('subject-uid' 'u501') ('subject-gid' 'g501') ('subject-gecos' '') ('subject-displayname' 'admin1') ('subject-is-group' 'false') ('subject-account-disabled' 'false') ('subject-account-expired' 'false') ('subject-account-locked' 'false') ('subject-password-expired' 'false'))" subject_identifier="u501" uuid="932d3540-d08c-bbf8-adf8-03c0f9aaaf43" roles="
roles="('OpaqueRef:7233b8e3-eacb-d7da-2c95-f2e581cdbf4e')"
[root@xenserver /]# /etc/init.d/xapi start
Starting xapi: .... start-of-day complete. [ OK ]
[root@xenserver /]# xe subject-list
uuid ( RO ) : 932d3540-d08c-bbf8-adf8-03c0f9aaaf43
subject-identifier ( RO ) : u501
other-config ( MRO ) : subject-name: admin1; subject-uid: u501; subject-gid: g501; subject-gecos :; subject-displayname: admin1; subject-is-group: false ; subject-account-disabled: false ; subject-account-expired: false ; subject-account-locked: false ; subject-password-expired: false
roles ( SRO ) : read-only
Source: https://habr.com/ru/post/135303/