Setting up local user accounts, Enhancements to username and password – Brocade TurboIron 24X Series Configuration Guide User Manual
Brocade TurboIron 24X Series Configuration Guide
53-1003053-01
Setting up local user accounts
You can define up to 16 local user accounts on a device. User accounts regulate who can access the management functions in the CLI using the following methods:
• Telnet access
• SNMP access
Local user accounts provide greater flexibility for controlling management access to devices than do management privilege level passwords and SNMP community strings of SNMP versions 1 and 2. You can continue to use the privilege level passwords and the SNMP community strings as additional means of access authentication. Alternatively, you can choose not to use local user accounts and instead continue to use only the privilege level passwords and SNMP community strings. Local user accounts are backward-compatible with configuration files that contain privilege level passwords. Refer to “Setting passwords for management privilege levels”.
If you configure local user accounts, you also need to configure an authentication-method list for Telnet access and SNMP access. Refer to “Configuring authentication-method lists”.
For each local user account, you specify a user name. You also can specify the following parameters:
• A password
• A management privilege level, which can be one of the following:
  • Super User level (default) – Allows complete read-and-write access to the system. This is generally for system administrators and is the only privilege level that allows you to configure passwords.
  • Port Configuration level – Allows read-and-write access for specific ports but not for global parameters.
  • Read Only level – Allows access to the Privileged EXEC mode and CONFIG mode with read access only.
Enhancements to username and password
This section describes the enhancements to the username and password features introduced in the releases listed above.
The following rules are enabled by default:
• Users are required to accept the message of the day.
• Users are locked out (disabled) if they fail to log in after three attempts. Use the disable-on-login-failure command to change the number of login attempts (up to 10) before users are locked out.
The following rules are disabled by default:
• Enhanced user password combination requirements
• User password masking
• Quarterly updates of user passwords
• You can configure the system to store up to 15 previously configured passwords for each user.
• You can use the disable-on-login-failure command to change the number of login attempts (up to 10) before users are locked out.
