Changing an account password, Setting up radius aaa service, Changing the password for a different account – HP StorageWorks 2.128 SAN Director Switch User Manual
Page 45: Setting up radius aaa, Service, Bed in
Fabric OS 5.x administrator guide
45
Changing an account password
At each level of account access, you can change passwords for that account and accounts that have
lesser privileges.
If you log in to a user account, you can change only that account’s password.
If you log in to an admin account, you can change admin and user passwords. You must provide the old
password when the account being changed has the same or higher privileges than the current login
account. For example, if you are logged in as admin, you need admin passwords to change passwords
for admin accounts (except when you change the default user account password at login), but you do not
need user passwords to change passwords for user accounts.
A new password must have at least one character different from the old password. The following rules
also apply to passwords:
•
You cannot change passwords using SNMP.
•
Password prompting is disabled when security mode is enabled.
•
With Fabric OS 4.4.0 and later, you can use Advanced Web Tools to change admin-level account
passwords.
•
With Fabric OS 3.2.0 and later, you cannot change default account names.
For information on password behavior when you upgrade (or downgrade) firmware, see ”
firmware changes on accounts and passwords
Changing the password for the current login account
1.
Connect to the switch and log in as either admin or user.
2.
Issue the password command:
passwd
3.
Enter the requested information at the prompts.
Changing the password for a different account
1.
Connect to the switch and log in as admin.
2.
Issue the following password command:
passwd name
where
name
is the name of the account.
3.
Enter the requested information at the prompts.
If the named account has lesser privileges than the current login account, the old password of the named
account is not required. If the named account has equal or higher privileges than the current login
account, you are prompted to enter the old password of the named account.
Setting up RADIUS AAA service
Fabric OS 3.2, 4.4.0 and later support RADIUS authentication, authorization, and accounting service
(AAA). When configured for RADIUS, a switch becomes a RADIUS client. In this configuration,
authentication records are stored in the RADIUS host server database. Login and logout account name,
assigned role, and time-accounting records are also stored on the RADIUS server for each user.
By default, RADIUS service is disabled, so AAA services default to the switch local database.
To enable RADIUS service, HP recommends that you access the CLI through an SSH connection so that the
shared secret is protected. Multiple login sessions can configure simultaneously; the last session to apply a
change leaves its configuration in effect. After a configuration is applied, it persists after a reboot or an
HA failover.
The configuration is chassis-based, so it applies to all logical switches (domains) on the switch and
replicates itself on a standby CP blade, if one is present. It is saved in a configuration upload and applied
in a configuration download.