beautypg.com

Default accounts in the local switch user database, Creating and modifying a user account, Table 5 – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual

Page 206

background image

174

Network OS NETCONF Operations Guide

53-1003231-02

User accounts

15

All modules that pertain to security, for example, user and user roles, RBAC, and password
attributes (for example, encryption), are globally configurable data entities. This means that if a
switch is in logical chassis cluster mode, all switches in the cluster will have a common
configuration for all the previously mentioned entities.

Default accounts in the local switch user database

Network OS comes with two predefined user accounts that are part of the factory-default settings.
Brocade recommends that you change the password for all default accounts during the initial
installation and configuration for each switch.

The default user accounts are “admin” and “user,” and these accounts are associated with the
corresponding admin” and “user” roles in the switch-local user database. Only the “admin” and
“user” users can access the CLI and, except for the account password, no other attributes can be
changed for the default users “admin” and “user.”

By default, all account information is stored in the switch-local user database. User authentication
and tracking of logins to the switch is local by default.

NOTE

The maximum number of user accounts, including the default accounts, is 64. The maximum
number of roles, including the default roles is 64. For any environment requiring more than 64 users,
you should adopt an authentication, authorization, and accounting (AAA) service for user
management. Refer to

Chapter 16, “External Server Authentication”

for more information. The

maximum number of active Telnet or CLI sessions supported per switch is 32.

Creating and modifying a user account

When you create a user account you must specify three mandatory attributes: an account login
name, a role, and a password. The remaining attributes are optional.

TABLE 5

User account attributes

Parameter

Description

name

The name of the account. The user account name is case-sensitive, must not exceed
40 characters, and must begin with a letter. The text string can contain letters, numbers,
underscore (__), and periods (.). If the user name specified already exists, the username
command modifies the existing role.

role

The role assigned to the user defines the RBAC access privileges for the account.

password

The account password must satisfy all currently enforced password rules.
Refer to

“Password policies”

on page 189 for more information.

encryption-level

The password encryption level. You can choose to encrypt the password (7) or leave it in clear
text (0). If you do not specify an encryption level, the default, clear text (0), is the default.

desc

A description of the account. The description can be up to 64 characters long, and can
include any printable ASCII character, except for the following characters: single quotation
marks (‘), double quotation marks (“), exclamation point (!), colon (:), and semi-colon (;). If the
description contains spaces. you must enclose the text in double quotation marks.

enable true | false Indicates whether the account is enabled or disabled. A user whose account is disabled

cannot log in. The default account status is enabled.