1.11 Create New User

Create a local user in this step. Administrating local users is a suitable option for stand-alone workstations. If setting up a client on a network with centralized user authentication, click Change and proceed with the Section 1.11.1, Expert Settings.

After entering the first name and last name, either accept the proposal or specify a new Username that will be used to log in. Finally, enter a password for the user. Reenter it for confirmation (to ensure that you did not type something else by mistake). To provide effective security, a password should be between five and eight characters long. The maximum length for a password is 72 characters. However, if no special security modules are loaded, only the first eight characters are used to discern the password. Passwords are case-sensitive. Special characters (7-bit ASCII) and the digits 0 to 9 are allowed. Other special characters like umlauts or accented characters are not allowed.

Passwords you enter are checked for weakness. When entering a password that is easy to guess (such as a dictionary word or a name) you will see a warning. It is a good security practice to use strong passwords.

IMPORTANT: Username and Password

Remember both your username and the password because they are needed each time you log in to the system.

Figure 1-8 Create New User

Three additional options are available:

Use this Password for the System Administrator

If checked, the same password you have entered for the user will be used for the system administrator root. This option is suitable for stand-alone workstations or machines in a home network that are administrated by a single user. When not checked, you are prompted for a system administrator password in the next step of the installation workflow (see Section 1.11.2, Password for the System Administrator root).

Receive System Mail

Checking this box sends messages created by the system services to the user. These are usually only sent to root, the system administrator. This option is useful for the most frequently used account, because it is highly recommended to log in as root only in special cases.

The mails sent by system services are stored in the local mailbox /var/spool/mail/username, where username is the login name of the selected user. To read e-mails after installation, you can use any e-mail client, for example KMail or Evolution.

Automatic Login

This option automatically logs the current user in to the system when it starts. This is mainly useful if the computer is operated by only one user.

WARNING: Automatic Login

With the automatic login enabled, the system boots straight into your desktop with no authentication at all. If you store sensitive data on your system, you should not enable this option as long as the computer can also be accessed by others.

1.11.1 Expert Settings

Click Change in the Create User dialog to set up network authentication or, if present, import users from a previous installation. Also change the password encryption type in this dialog.

You can also add additional user accounts or change the user authentication method in the installed system. For detailed information about user management, see Section 8.0, Managing Users with YaST, (↑ Reference ).

The default authentication method is Local (/etc/passwd). If a former version of openSUSE or another system using /etc/passwd is detected, you may import local users. To do so, check Read User Data from a Previous Installation and click Choose. In the next dialog, select the users to import and finish with OK.

Access to the following network authentication services can be configured:

LDAP

Users are administered centrally on an LDAP server for all systems in the network. More information is available in Section 4.4, Configuring an LDAP Client with YaST, (↑ Security Guide ).

NIS

Users are administered centrally on an NIS server for all systems in the network. See Section 3.2, Configuring NIS Clients, (↑ Security Guide ) for more information.

Windows Domain

SMB authentication is often used in mixed Linux and Windows networks. and Section 5.3, Configuring a Linux Client for Active Directory, (↑ Security Guide ).

Along with user administration via LDAP and NIS, you can use Kerberos authentication. To use it, select Set Up Kerberos Authentication. For more information on Kerberos, refer to Section 6.0, Network Authentication with Kerberos, (↑ Security Guide ).

1.11.2 Password for the System Administrator root

If you have not chosen Use this Password for the System Administrator in the previous step, you will be prompted to enter a Password for the System Administrator root. Otherwise this configuration step is skipped.

root is the name of the superuser, or the administrator of the system. Unlike regular users (who may or may not have permission to access certain areas or execute certain commands on the system), root has unlimited access to change the system configuration, install programs, and set up new hardware. If users forget their passwords or have other problems with the system, root can help. The root account should only be used for system administration, maintenance, and repair. Logging in as root for daily work is rather risky: a single mistake could lead to irretrievable loss of system files.

For verification purposes, the password for root must be entered twice. Do not forget the root password. Once entered, this password cannot be retrieved.

The root can be changed any time later in the installed system. To do so run YaST and start Security and Users > User and Group Management.

WARNING: The root User

The user root has all the permissions needed to make changes to the system. To carry out such tasks, the root password is required. You cannot carry out any administrative tasks without this password.