HP StorageWorks Fabric OS 5.X Administrator Guide (AA-RVHWB-TE, September 2005)

Creating and maintaining user-defined accounts
In addition to the default administrative and user accounts, Fabric OS supports up to 15 user-defined
accounts in each logical switch (domain). These accounts expand your ability to track account access and
audit administrative activities.
User-defined accounts can be assigned either admin-, switchAdmin-, or user-level roles. Admin-level
accounts allow up to two simultaneous login sessions. User-level accounts allow up to four simultaneous
login sessions. The total number of simultaneous login sessions allowed per logical switch is 15.
You can change passwords on user-defined accounts as described in "Changing an account password" on
page 45.
If the TC feature is enabled, the system keeps track of account names and login attempts. (See "Tracking
and controlling switch changes" on page 35 for details on enabling the TC feature.)
For large enterprises, Fabric OS also supports RADIUS services, as described in "Setting up RADIUS AAA
service" on page 45.
The following procedures are for operations you can perform on user-defined accounts.
NOTE: If you are operating in secure mode, you can perform these operations only on the primary FCS
switch.
Displaying account information
1. Connect to the switch and log in as admin.
2. Issue one of the following commands:
   userConfig --show -a          to show all account information for a logical switch
   userConfig --show -b          to show all backup account information for a logical switch
   userConfig --show username    to show account information for the specified account name
Accounts with the admin role can display information about all accounts on the logical switch. Accounts
with the switchAdmin role can display information about all accounts on the logical switch; however, they
cannot display information about security, user management, or zoning. Accounts with the user role can
display information only about themselves.
Creating a user-defined account
Accounts with the admin role can create accounts. Accounts with the user role cannot.
1. Connect to the switch and log in as admin.
2. Issue the following command:
userConfig --add username -r rolename [-d description]
where:
username          Specifies the account name, which must begin with an alphabetic
                  character. The name can consist of 8 to 40 characters. It is case-sensitive
                  and can contain alphabetic and numeric characters, the dot, and the
                  underscore. It must be different from all other account names on the
                  logical switch.
-r rolename       Specifies the role: either admin, switchAdmin, or user in nonsecure
                  mode; admin, user, or nonfcsadmin in secure mode.
-d description    Is an optional argument that adds a description to the account. The
                  description field can be up to 40 printable ASCII characters. The
                  following characters are not allowed: asterisk (*), quotation mark ("),
                  exclamation point (!), semicolon (;), and colon (:).
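
The following is an added example, not part of the HP guide: a pre-flight check in Python that applies the naming, role, description, and 15-account rules above before a userConfig --add line is sent to a switch. The function names, the existing and defaults parameters, and the double-quoting of the description are assumptions made for illustration.

```python
import re

# Rules transcribed from the guide text above; all names here are hypothetical.
USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._]{7,39}")  # 8 to 40 characters
ROLES = {False: {"admin", "switchAdmin", "user"},   # nonsecure mode
         True: {"admin", "user", "nonfcsadmin"}}    # secure mode
FORBIDDEN_DESC = set('*"!;:')
MAX_USER_DEFINED = 15


def check_account(username, role, description=None, *, secure_mode=False,
                  existing=(), defaults=()):
    """Return a list of rule violations; an empty list means the request is valid."""
    problems = []
    if not USERNAME_RE.fullmatch(username):
        problems.append("username: must start with a letter, be 8-40 characters, "
                        "and use only letters, digits, dot, underscore")
    if username in existing or username in defaults:  # case-sensitive comparison
        problems.append("username: already exists on this logical switch")
    if len(existing) >= MAX_USER_DEFINED:
        problems.append("limit: logical switch already has 15 user-defined accounts")
    if role not in ROLES[secure_mode]:
        mode = "secure" if secure_mode else "nonsecure"
        problems.append(f"role: {role!r} is not valid in {mode} mode")
    if description is not None:
        if len(description) > 40:
            problems.append("description: longer than 40 characters")
        if any(not 0x20 <= ord(c) <= 0x7E for c in description):
            problems.append("description: contains non-printable or non-ASCII characters")
        bad = sorted(FORBIDDEN_DESC & set(description))
        if bad:
            problems.append("description: forbidden characters " + " ".join(bad))
    return problems


def build_command(username, role, description=None, **context):
    """Build the userConfig --add line, refusing any request that breaks a rule."""
    problems = check_account(username, role, description, **context)
    if problems:
        raise ValueError("; ".join(problems))
    cmd = f"userConfig --add {username} -r {role}"
    if description is not None:
        cmd += f' -d "{description}"'  # assumed quoting; '"' is already rejected above
    return cmd
```

Pass the current user-defined account names as existing and the switch's default account names as defaults, so the uniqueness check covers every name on the logical switch while the 15-account cap counts only user-defined ones.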