Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)

Managing Passwords
This section provides the following information:
• “Modifying Passwords in Secure Mode” on page 4-10
• “Using Temporary Passwords” on page 4-11
When secure mode is enabled, the following conditions apply:
• Only enter the passwd command on the primary FCS switch.
• Only access the root and factory accounts from the FCS switches. Attempting to access them from a non-FCS switch generates an error message.
• The admin account (or role) remains available from all switches, but two passwords are implemented: one for all FCS switches and one for all non-FCS switches.
• Temporary passwords can be created for specific switches, making it possible to provide temporary access to another user.
• User password policies are not supported. To enable Secure mode, you must reset all password policies to the default settings. See Chapter 3 of the Fabric OS Administrator’s Guide.
The user account (or role) remains available fabric-wide regardless of whether secure mode is enabled.
The characteristics of the different accounts when secure mode is enabled and disabled are described in
Table 4-3.
You can use the multiple user account (MUA) feature of Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, and
v5.2.0 if the primary FCS switch is running any of those versions. Older switches do not need to be
running a version of Fabric OS that supports MUA.
If a digital certificate is installed, the sectelnet and API passwords are automatically encrypted,
regardless of whether secure mode is enabled. HTTP encrypts passwords only if secure mode is
enabled.
Table 4-3 on page 4-8 summarizes login account behavior with secure mode disabled and enabled.
Note
Record passwords and store them in a secure place; recovering passwords might require significant
effort and result in fabric downtime.
Table 4-3 Login Account Behavior with Secure Mode Disabled and Enabled
| Account Role | Secure Mode Disabled | Secure Mode Enabled |
|---|---|---|
| user | Available on all switches. Password is specific to each switch; can modify using the passwd command. | Available on all switches. Can create temporary passwords. Password is fabric wide; can modify using passwd command on the primary FCS switch. |