Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

Fabric OS Administrator’s Guide 83
53-1002148-02
Chapter
5
Managing User Accounts
In this chapter
User accounts overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Local database user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Local account database distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Password policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
The boot PROM password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
The authentication model using RADIUS and LDAP . . . . . . . . . . . . . . . . . . . 99
User accounts overview
In addition to the default permissions assigned to the following roles: root, factory, admin, and user,
Fabric OS supports up to 252 additional user accounts on the chassis. These accounts expand
your ability to track account access and audit administrative activities.
Each user account is associated with the following:
Admin Domain list — Specifies the Administrative Domains a user account is allowed to log in
to.
Home Admin Domain — Specifies the Admin Domain that the user is logged in to by default.
The home Admin Domain must be a member of the user’s Admin Domain list.
Permissions — Associate roles with each user account to determine the functional access
levels within the bounds of the your current Admin Domain.
Virtual Fabric list — Specifies the Virtual Fabric a user account is allowed to log in to.
Home Virtual Fabric — Specifies the Virtual Fabric that the user is logged in to, if available. The
home Virtual Fabric must be a member of the user’s Virtual Fabric list. If the fabric ID is not
available, the next lower valid fabric ID is used.
LF Permission List — Determines functional access levels within the bounds of the user’s
Virtual Fabrics.
Chassis role — Similar to switch-level roles, but applies to a different subset of commands.
NOTE
Admin Domains are mutually exclusive from Virtual Fabrics permissions when setting up user
accounts. You will need to set up different user accounts for each feature.
You cannot have Admin Domain mode and Virtual Fabrics mode enabled at the same time.
For more information about Admin Domains, refer to Chapter 17, “Managing Administrative
Domains”.
For more information about Virtual Fabrics, refer to Chapter 10, “Managing Virtual Fabrics”.