Default accounts in the local switch user database, Creating and modifying a user account, Table 5 – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual
Page 206
174
Network OS NETCONF Operations Guide
53-1003231-02
User accounts
15
All modules that pertain to security, for example, user and user roles, RBAC, and password
attributes (for example, encryption), are globally configurable data entities. This means that if a
switch is in logical chassis cluster mode, all switches in the cluster will have a common
configuration for all the previously mentioned entities.
Default accounts in the local switch user database
Network OS comes with two predefined user accounts that are part of the factory-default settings.
Brocade recommends that you change the password for all default accounts during the initial
installation and configuration for each switch.
The default user accounts are “admin” and “user,” and these accounts are associated with the
corresponding admin” and “user” roles in the switch-local user database. Only the “admin” and
“user” users can access the CLI and, except for the account password, no other attributes can be
changed for the default users “admin” and “user.”
By default, all account information is stored in the switch-local user database. User authentication
and tracking of logins to the switch is local by default.
NOTE
The maximum number of user accounts, including the default accounts, is 64. The maximum
number of roles, including the default roles is 64. For any environment requiring more than 64 users,
you should adopt an authentication, authorization, and accounting (AAA) service for user
management. Refer to
Chapter 16, “External Server Authentication”
for more information. The
maximum number of active Telnet or CLI sessions supported per switch is 32.
Creating and modifying a user account
When you create a user account you must specify three mandatory attributes: an account login
name, a role, and a password. The remaining attributes are optional.
TABLE 5
User account attributes
Parameter
Description
name
The name of the account. The user account name is case-sensitive, must not exceed
40 characters, and must begin with a letter. The text string can contain letters, numbers,
underscore (__), and periods (.). If the user name specified already exists, the username
command modifies the existing role.
role
The role assigned to the user defines the RBAC access privileges for the account.
password
The account password must satisfy all currently enforced password rules.
Refer to
on page 189 for more information.
encryption-level
The password encryption level. You can choose to encrypt the password (7) or leave it in clear
text (0). If you do not specify an encryption level, the default, clear text (0), is the default.
desc
A description of the account. The description can be up to 64 characters long, and can
include any printable ASCII character, except for the following characters: single quotation
marks (‘), double quotation marks (“), exclamation point (!), colon (:), and semi-colon (;). If the
description contains spaces. you must enclose the text in double quotation marks.
enable true | false Indicates whether the account is enabled or disabled. A user whose account is disabled
cannot log in. The default account status is enabled.