HP StorageWorks 2/128 HP StorageWorks Fabric OS 5.X Procedures User Guide (AA- - Page 45
Changing an account password, Setting up RADIUS AAA service
View all HP StorageWorks 2/128 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 45 highlights
Changing an account password At each level of account access, you can change passwords for that account and accounts that have lesser privileges. If you log in to a user account, you can change only that account's password. If you log in to an admin account, you can change admin and user passwords. You must provide the old password when the account being changed has the same or higher privileges than the current login account. For example, if you are logged in as admin, you need admin passwords to change passwords for admin accounts (except when you change the default user account password at login), but you do not need user passwords to change passwords for user accounts. A new password must have at least one character different from the old password. The following rules also apply to passwords: • You cannot change passwords using SNMP. • Password prompting is disabled when security mode is enabled. • With Fabric OS 4.4.0 and later, you can use Advanced Web Tools to change admin-level account passwords. • With Fabric OS 3.2.0 and later, you cannot change default account names. For information on password behavior when you upgrade (or downgrade) firmware, see "Effects of firmware changes on accounts and passwords" on page 79. Changing the password for the current login account 1. Connect to the switch and log in as either admin or user. 2. Issue the password command: passwd 3. Enter the requested information at the prompts. Changing the password for a different account 1. Connect to the switch and log in as admin. 2. Issue the following password command: passwd name where name is the name of the account. 3. Enter the requested information at the prompts. If the named account has lesser privileges than the current login account, the old password of the named account is not required. If the named account has equal or higher privileges than the current login account, you are prompted to enter the old password of the named account. Setting up RADIUS AAA service Fabric OS 3.2, 4.4.0 and later support RADIUS authentication, authorization, and accounting service (AAA). When configured for RADIUS, a switch becomes a RADIUS client. In this configuration, authentication records are stored in the RADIUS host server database. Login and logout account name, assigned role, and time-accounting records are also stored on the RADIUS server for each user. By default, RADIUS service is disabled, so AAA services default to the switch local database. To enable RADIUS service, HP recommends that you access the CLI through an SSH connection so that the shared secret is protected. Multiple login sessions can configure simultaneously; the last session to apply a change leaves its configuration in effect. After a configuration is applied, it persists after a reboot or an HA failover. The configuration is chassis-based, so it applies to all logical switches (domains) on the switch and replicates itself on a standby CP blade, if one is present. It is saved in a configuration upload and applied in a configuration download. Fabric OS 5.x administrator guide 45