Installation guide
3 – Planning
Fabric Security
3-24 59042-08 A
0
3.6.3
User Account Security
User account security consists of the administration of account names,
passwords, expiration date, and authority level. If an account has Admin authority,
all management tasks can be performed by that account in both SANsurfer Switch
Manager™ and the Telnet command line interface. Otherwise only monitoring
tasks are available. The default account name, Admin, is the only account that
can create or change account names and passwords. Account names and
passwords are always required when connecting to a switch.
Authentication of the user account and password can be performed locally using
the switch’s user account database or it can be done remotely using a RADIUS
server such as Microsoft® RADIUS. Authenticating user logins on a RADIUS
server requires a secure management connection to the switch. Refer to
“Connection Security” on page 3-13 for information about securing the
management connection. A RADIUS server can also be used to authenticate
devices and other switches as described in “Device Security” on page 3-14.
Consider your management needs and determine the number of user accounts,
their authority needs, and expiration dates. Also consider the advantages of
centralizing user administration and authentication on a RADIUS server.
Note: If the same user account exists on a switch and its RADIUS server,
that user can login with either password, but the authority and account
expiration will always come from the switch database.