HP StorageWorks 2/16V Brocade Secure Fabric OS Administrator's Guide (53-10002 - Page 88

Managing Passwords

Page 88 highlights

This section provides the following information:

• "Modifying Passwords in Secure Mode" on page 4-10
• "Using Temporary Passwords" on page 4-11

When secure mode is enabled, the following conditions apply:

• Only enter the passwd command on the primary FCS switch.
• Only access the root and factory accounts from the FCS switches. Attempting to access them from a non-FCS switch generates an error message.
• The admin account (or role) remains available from all switches, but two passwords are implemented: one for all FCS switches and one for all non-FCS switches.
• Temporary passwords can be created for specific switches, making it possible to provide temporary access to another user.
• User password policies are not supported. To enable Secure mode, you must reset all password policies to the default settings. See Chapter 3 of the Fabric OS Administrator's Guide.

The user account (or role) remains available fabric-wide regardless of whether secure mode is enabled. The characteristics of the different accounts when secure mode is enabled and disabled are described in Table 4-3.

You can use the multiple user account (MUA) feature of Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, and v5.2.0 if the primary FCS switch is running any of the Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, or v5.2.0. Older switches do not need to be running a version of Fabric OS supporting MUA.

If a digital certificate is installed, the sectelnet and API passwords are automatically encrypted, regardless of whether secure mode is enabled. HTTP encrypts passwords only if secure mode is enabled.

Note: Record passwords and store them in a secure place; recovering passwords might require significant effort and result in fabric downtime.

Table 4-3 on page 4-8 summarizes login account behavior with secure mode disabled and enabled.

Table 4-3 Login Account Behavior with Secure Mode Disabled and Enabled

Account Role: user
Secure Mode Disabled: Available on all switches. Password is specific to each switch; can modify using the passwd command.
Secure Mode Enabled: Available on all switches. Can create temporary passwords. Password is fabric wide; can modify using passwd command on the primary FCS switch.

4-8 Secure Fabric OS Administrator's Guide Publication Number: 53-1000244-01

