To change the password for a different account, Setting up radius aaa service, Setting up radius aaa – HP Brocade 4Gb SAN Switch for HP BladeSystem p-Class User Manual
Page 46: Service
46
Configuring standard security features
•
Password prompting is disabled when security mode is enabled.
•
Starting with Fabric OS v4.4.0, admin level accounts can use Web Tools to change passwords.
•
Starting with Fabric OS v3.2.0, you cannot change default account names.
•
For information on password behavior when you upgrade (or downgrade) firmware, see ”
firmware changes on accounts and passwords
To change the password for the current login account:
1.
Connect to the switch and log in as either admin or user.
2.
Issue the following command:
passwd
3.
Enter the requested information at the prompts.
To change the password for a different account:
1.
Connect to the switch and log in as admin.
2.
Issue the following command:
passwd name
where
name
is the name of the account.
3.
Enter the requested information at the prompts.
If the named account has lesser privileges than the current account, the old password is not required. If
the named account has equal or higher privileges than the current account, you are prompted to enter
the old password.
Setting up RADIUS AAA service
Fabric OS v3.2 and v4.4 support Remote Authentication Dial-in User Service (RADIUS) authentication,
authorization, and accounting (AAA). When it is configured for RADIUS, the switch becomes a RADIUS
client. In this configuration, authentication records are stored in the RADIUS host server database.
The RADIUS service supports accounting request and response packets so that accounting records can be
centralized on the RADIUS server. The login account name, assigned role, password, and time accounting
records are stored on the RADIUS server for each user.
By default, RADIUS service is disabled, so AAA services default to the switch local database.
To enable RADIUS service, access the CLI through an SSH connection so that the shared secret is
protected. Multiple login sessions can configure simultaneously, and the last session to apply a change
leaves its configuration in effect. After a configuration is applied, it persists after a reboot or an
HA failover.
The configuration is chassis-based, so it applies to all logical switches (domains) on the switch and
replicates itself on a standby CP card, if one is present. It is saved in a configuration upload and applied
in a configuration download.
Configure at least two RADIUS servers so that if one fails, the other assumes service. You can set the
configuration with both RADIUS service and local authentication enabled so that if all RADIUS servers do
not respond (because of power failure or network problems), the switch uses local authentication.