Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual


53-1003231-02

Chapter 15: Managing User Accounts

In this chapter

• Managing user accounts with NETCONF overview
• User accounts
• Role-based access control
• Command access rules
• Password policies
• Security event logging

Managing user accounts with NETCONF overview

This chapter provides procedures for managing user accounts with the NETCONF interface. Refer to
the Network OS Administrator’s Guide for the following related information:

• Related conceptual overview information
• Procedures and examples for managing user accounts using the Network OS command line interface (CLI)

Through the NETCONF interface, you can perform the following operations for managing user
accounts:

• Use the RPC to configure user accounts, role-based access control, command access rules, and password policies.
• Use the RPC to validate configuration settings.
• Use the / custom action to unlock a user account.

User management parameters are defined in the brocade-aaa YANG module. For an overview and
structural map of the YANG module, refer to the Network OS YANG Reference Manual. For
definitions and explanations of all user management parameters, refer to the brocade-aaa.yang
file.

User accounts

A user account gives an authorized user access to the switch CLI. Each user account must be
assigned a role, which specifies the account's access privileges. A user account can be disabled at
any point, which prevents the user from logging in to the switch. A user account can be unlocked
only when it has been auto-locked because the user exceeded the configured threshold for failed
login attempts. Only an administrator can create, change, unlock, or delete user accounts.