Tacacs+ hosts, Local username database, Tacacs+ hosts local username database – HP StorageWorks IP Storage Router User Manual

Configuring Authentication

151

IP Storage Router SR2122-2 User Guide

TACACS+ Hosts

To configure TACACS+ security services:

1. enable — Enter Administrator mode.

2. tacacs-server host 10.7.0.22

— Specify the TACACS+ server to

be used for AAA authentication services. For example, specify the TACACS+
server at

10.7.0.22 for use by the Storage Router. Because no port is

specified, the authentication requests use the default port

49. The global

timeout value is also used.

3. tacacs-server key tacacs123SN

— Configure the global

authentication and encryption key to be used for all TACACS+
communications between the storage router and the TACACS+ server. For
example, set the key to

tacacs123SN. This key must match the key used by

the TACACS+ daemon.

Local Username Database

To configure a local username database:

Note:

Passwords are entered in clear text but are changed to “XXXXX” in the CLI

command history cache and are stored in the local username database in encrypted

format.

1. enable — Enter Administrator mode.

2. username labserver password foo username labserver2

password foo2

— Enter a user name and password for each device

requiring authentication prior to access to storage. For example, add the
following user name and password combinations:

■

labserver and foo

■

labserver2 and foo2

User name and password pairs must match the user name and password pairs
configured for the iSCSI drivers that require access to storage via the SCSI
routing instances that have iSCSI authentication enabled. If other
authentication services are also used (such as RADIUS or TACACS+), these
user name and password pairs must also be configured within the databases
those services use for authentication purposes.

The following rules apply to passwords: