Nortel Networks 5500 series User Manual

Page 220

Managing system users and groups

>> Groups# /cfg/sys/user

>> User# edit cert_admin

>> User cert_admin# password

Enter admin’s current password: (admin user password)

Enter new password for cert_admin: (cert_admin user password)

Re-enter to confirm: (reconfirm cert_admin user password)

7. Apply the changes.

>> User cert_admin# apply

Changes applied successfully.

8. Let the Certificate Administrator user define an export passphrase.

This step is only necessary if you want to fully separate the Certificate Administrator user role from the Administrator user role. If the admin user is removed from the certadmin group (as in Step 9), a Certificate Administrator export passphrase (caphrase) must be defined.

As long as the admin user is a member of the certadmin group (the default configuration), the admin user is prompted for an export passphrase each time a configuration backup that contains private keys is sent to a TFTP/FTP/SCP/SFTP server (command: /cfg/ptcfg). When the admin user is not a member of the certadmin group, the export passphrase defined by the Certificate Administrator is used instead to encrypt private keys in the configuration backup. The encryption of private keys using the export passphrase defined by the Certificate Administrator is performed transparently to the user, without prompting. When the configuration backup is restored, the Certificate Administrator must enter the correct export passphrase.

ATTENTION

If the export passphrase defined by the Certificate Administrator is
lost, configuration backups made by the admin user while he or she
was not a member of the certadmin group cannot be restored.

The export passphrase defined by the Certificate Administrator remains the same until changed by using the /cfg/sys/user/caphrase command. For users who are not members of the certadmin group, the caphrase command in the User menu is hidden. Only users who are members of the certadmin group should know the export passphrase. The export passphrase can contain spaces and is case sensitive.

>> User cert_admin# ../caphrase

Enter new passphrase:

Re-enter to confirm:

Passphrase changed.

Nortel Secure Network Access Switch

Using the Command Line Interface

NN47230-100 03.01 Standard

28 July 2008

Copyright © 2007, 2008 Nortel Networks.
