Dell PowerSwitch S4128F-ON OS10 Enterprise Edition User Guide Release 10.4.0ER - Page 458
Password strength, Role-based access control
You can enable this feature so that user re-authentication is required when any of these actions are performed. In these cases, logged-in users are logged out of the switch and all OS10 sessions are terminated. By default, user re-authentication is disabled.

Enable user re-authentication

• Enable user re-authentication in CONFIGURATION mode.

    aaa re-authenticate enable

Enter the no form of the command to disable user re-authentication.

Password strength

By default, the password you configure with the username password command must be at least nine alphanumeric characters. To increase password strength, you can create password rules using the password-attributes command. When you enter the command, at least one parameter is required. When you enter the character-restriction parameter, at least one option is required.

• Create rules for stronger passwords in CONFIGURATION mode.

    password-attributes {[min-length number] [character-restriction {[upper number] [lower number] [numeric number] [special-char number]}]}

  - min-length number - Enter the minimum number of required alphanumeric characters (6 to 32; default 9).
  - character-restriction - Enter a requirement for the alphanumeric characters in a password:
    ◦ upper number - Minimum number of uppercase characters required (0 to 31; default 0).
    ◦ lower number - Minimum number of lowercase characters required (0 to 31; default 0).
    ◦ numeric number - Minimum number of numeric characters required (0 to 31; default 0).
    ◦ special-char number - Minimum number of special characters required (0 to 31; default 0).

Create password rules

    OS10(config)# password-attributes min-length 7 character-restriction upper 4 numeric 2

Display password rules

    OS10(config)# do show running-configuration password-attributes
    password-attributes min-length 7 character-restriction upper 4 numeric 2

Role-based access control

RBAC provides control for access and authorization. Users are granted permissions based on defined roles - not on their individual system user ID. Create user roles based on job functions to help users perform their associated job function. You can assign each user only a single role, and many users can have the same role. When you enter a user role, you are authenticated and authorized. You do not need to enter an enable password because you are automatically placed in EXEC mode.

OS10 supports the constrained RBAC model. With this model, you can inherit permissions when you create a new user role, restrict or add commands a user can enter, and set the actions the user can perform. This allows greater flexibility when assigning permissions for each command to each role. Administering user rights with RBAC is easier and more efficient. If a user's role matches one of the allowed user roles for that command, command authorization is granted.

A constrained RBAC model provides separation of duty as well as greater security. A constrained model places some limitations on each role's permissions to allow you to partition tasks. Some inheritance is possible. For greater security, only some user roles can view events, audits, and security system logs.
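The password-attributes rules in the Password strength section can be checked offline before they are rolled out. The following is an added example, not Dell's code: it parses a password-attributes line in the form shown by show running-configuration, applies the defaults and ranges listed on this page, and tests candidate passwords against the result. It assumes a special character is any character that is not a letter or digit; the function names and candidate passwords are constructed for illustration.

```python
# Defaults and ranges as stated on this page for password-attributes.
DEFAULTS = {"min-length": 9, "upper": 0, "lower": 0, "numeric": 0, "special-char": 0}
RANGES = {"min-length": (6, 32), "upper": (0, 31), "lower": (0, 31),
          "numeric": (0, 31), "special-char": (0, 31)}

def parse_password_attributes(line):
    """Parse one 'password-attributes ...' running-config line into a policy dict."""
    head, keyword, tail = line.partition("character-restriction")
    head, tail = head.split(), tail.split()
    if head[:1] != ["password-attributes"]:
        raise ValueError("not a password-attributes line")
    head = head[1:]
    # At least one parameter is required, and character-restriction needs an option.
    if not (head or tail) or (keyword and not tail) or len(head) % 2 or len(tail) % 2:
        raise ValueError("expected 'keyword number' pairs")
    policy = dict(DEFAULTS)
    for group, allowed in ((head, {"min-length"}), (tail, set(RANGES) - {"min-length"})):
        for key, value in zip(group[0::2], group[1::2]):
            if key not in allowed or not value.isdecimal():
                raise ValueError(f"unexpected token pair: {key} {value}")
            low, high = RANGES[key]
            if not low <= int(value) <= high:
                raise ValueError(f"{key} {value} outside {low}-{high}")
            policy[key] = int(value)
    return policy

def check_password(password, policy):
    """Return a list of rule violations; an empty list means the password passes."""
    counts = {
        "upper": sum(c.isupper() for c in password),
        "lower": sum(c.islower() for c in password),
        "numeric": sum(c.isdigit() for c in password),
        # Assumption: "special" means any character that is not a letter or digit.
        "special-char": sum(not c.isalnum() for c in password),
    }
    problems = []
    if len(password) < policy["min-length"]:
        problems.append(f"length {len(password)} < min-length {policy['min-length']}")
    for key, have in counts.items():
        if have < policy[key]:
            problems.append(f"{key}: {have} < {policy[key]}")
    return problems

# Constructed sample: the rule shown on this page, plus made-up candidate passwords.
if __name__ == "__main__":
    rule = parse_password_attributes(
        "password-attributes min-length 7 character-restriction upper 4 numeric 2")
    for candidate in ("ABCDef12", "Abcdef12", "ABCD12"):
        print(candidate, check_password(candidate, rule) or "ok")
```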