TD relies on Linux configuration for user management and authentication. When you SSH into a TD container or send authenticated API requests, TD uses the regular Linux PAM system to authenticate users.
It is not very convenient to add users again every time you remove a TD container and start a new one. The idea is to keep all configuration in the startup-config file, so you can kill and start new containers without any extra tuning. Starting from 1.3.1, it is possible to create users directly from the TD CLI.
Config model:
management users
!
user
password [cleartext|encrypted] <>
Example:
TD1#conf
TD1(config)#management users
TD1(config-mgmt-users)#user testuser123
TD1(config-mgmt-username)#password cleartext testpwd123
The cleartext password is not stored anywhere; it is immediately converted into a salted hash that is stored in /etc/shadow. Verify:
TD1#show run | sec users
management users
!
user testuser123
password encrypted $6$ywTuflJYxwWhyJUs$xxAptP1yoU23MwTyWZ50wNPm8wIPHMr42yN6mm4BovOAeNpPq5fx4tyST5fEK8UDMt7yyb9WhiNvfanlNyVC30
The next time you start another TD container with the same config, the user will be created with the encrypted password. You can also copy-paste the encrypted password into the CLI of another container.
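An added example, not part of TD or its documentation: because the startup-config carries the same salted hashes as /etc/shadow, this Python check scans a config for the management users section shown above and reports any password left as cleartext or hashed with a weak or unrecognised crypt scheme. It assumes the lines appear as in the config model above; the function name and the sample config are hypothetical.

```python
import re

# Modular-crypt identifiers used in /etc/shadow hashes (see crypt(5)).
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"md5crypt"}

def audit_management_users(config_text):
    """Return (user, finding) pairs for the 'management users' section."""
    findings, in_section, user = [], False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "management users":
            in_section, user = True, None
            continue
        if not in_section or line in ("", "!"):
            continue
        m = re.fullmatch(r"user (\S+)", line)
        if m:
            user = m.group(1)
            continue
        m = re.fullmatch(r"password (cleartext|encrypted) (\S+)", line)
        if not (m and user):
            in_section = False  # any other statement ends the section
            continue
        kind, value = m.groups()
        if kind == "cleartext":
            findings.append((user, "cleartext password in file"))
            continue
        parts = value.split("$")  # "$6$salt$hash" -> ["", "6", "salt", "hash"]
        scheme = SCHEMES.get(parts[1]) if len(parts) >= 4 and parts[0] == "" else None
        if scheme is None:
            findings.append((user, "unrecognised hash format"))
        elif scheme in WEAK:
            findings.append((user, "weak scheme " + scheme))
        else:
            findings.append((user, "ok " + scheme))
    return findings

# Constructed sample config; the salts and hashes are placeholders, not real values.
SAMPLE = """\
management users
!
user alice
password encrypted $6$CONSTRUCTEDSALT$CONSTRUCTEDHASH
!
user bob
password cleartext example-only
!
user carol
password encrypted $1$CONSTRUCTEDSALT$CONSTRUCTEDHASH
"""

if __name__ == "__main__":
    for name, finding in audit_management_users(SAMPLE):
        print(name, "->", finding)
```

Running it over config files before they are committed or copied between hosts catches a hand-written cleartext line that was never passed through the CLI.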