Onecommand manager secure management, Overview, Table 1-1 – Dell Emulex Family of Adapters User Manual

OneCommand Manager Command Line Interface Version 10.2 User Manual

P010067-01A Rev. A

1. Introduction

OneCommand Manager Secure Management

296

OneCommand Manager Secure Management

Overview

OneCommand Manager Secure Management gives system administrators the ability to

further enhance the active management security of their networks. Using Secure

Management, administrators can define each user's privileges for managing both local

and remote adapters. When running in Secure Management mode, users must log in

with their user name and password to run the OneCommand Manager application.

When users are authenticated, they can only perform the functions allowed by the

OneCommand Manager user group to which they belong. If your systems are running

in an LDAP or Active Directory domain, the OneCommand Manager application will

authenticate the user with those defined in that domain. For Linux and Solaris systems

this is done using PAM.

Note: OneCommand Manager Secure Management is supported on Linux, Solaris,

and Windows, but is not supported on VMware hosts.

Administrators set up user accounts such that a user belongs to one of the

OneCommand Manager application user groups. The user groups define the

management capabilities for the user. The following table defines the OneCommand

Manager application user groups and each group's management capabilities.

On Linux or Solaris systems, the unix “getent group” utility can be run on the target

host system’s command shell to verify the correct configuration of the groups. The

groups, and users within the groups, will appear in the output of this command.

Note: Although a user may belong to the administrator group or be the root user, they

will not have full privileges to run the OneCommand Manager application

unless they are also a member of the ocmadmin group. Otherwise, when secure

management is enabled, a root user or administrator can only manage local

adapters (similar to the ocmlocaladmin user).

Table 1-1 Secure Management User Privileges

Group Name

OneCommand Manager Capability

ocmadmin

Allows full active management of local and remote adapters.

ocmlocaladmin

Permits full active management of local adapters only

ocmuser

Permits read-only access of local and remote adapters

ocmlocaluser Permits

read-only access of local adapters.