CHAPTER 3
Setting Up System Controller Login Accounts
The System Controller provides management access to the system chassis. For security, we recommend that you set up named users of the System Controller and control the level of access each user has. This chapter tells you how to do these things.
The chapter contains the following sections:
The System Controller allows you to set up individual user accounts with different levels of access configured for each user. The accounts you set up all require a user name and a password. This chapter tells you how to log in for the first time and set a password for the default user (whose login name is admin); how to create a user account for yourself; and how to create accounts for other people and allocate specific levels of access to them individually.
There are four categories of permissions available for users. Full access to the System Controller therefore requires all four categories to be assigned to a user. The available categories are:
For information about allocating permissions to a user, see Section 3.5.5, Specifying Permissions for a Named User.
You can specify named users of the System Controller (SC), but the default user is called admin. This is what you must type at the username prompt the first time you log into the SC. There is no default password for user admin. However, note that user admin has no permissions to configure settings or access the switch or server blade consoles until you have set a password for it.
To set a password, see Section 3.4, Changing Your Own User Password.
When you have set up a password for user admin, or when you have set up named users of the SC, then any subsequent time that somebody connects to the SC by telnet or by using a serial connection, the following login and password prompts appear:
This section tells you how to set up a named user account for yourself.
1. Create a user account by typing:
where username is the name you intend to use as your login name. (For information about the characters that are acceptable in a user name, see Section 3.5, Setting up Named User Accounts for Other People.)
2. Specify a password for yourself.
The characters that are acceptable in the password are the same as the characters that are acceptable in a user name (see Step 1 above).
3. Give yourself full user permissions by typing:
For information about the meanings of the letters that indicate permission levels, see Section 3.5, Setting up Named User Accounts for Other People.
Note - All SC users with named user accounts are authorized to change their own password.
There are rules for specifying passwords. If you have u-level privileges, these rules do not apply, and you can, if you like, specify an empty string as a password. If you do this, you will not be prompted for a password when you log in.
If you do not have u-level privileges, then the password you specify for yourself must:
1. To change the password for the account you are currently logged into, type:
    sc> password
    Enter current password: ******
    Enter new password: ******
    Enter new password again: ******
2. When prompted, specify the current password.
3. When prompted, specify the new password you want to use.
4. Specify the new password again to confirm it.
Note - You must have User Administration (u-level) authorization to add a user (see Section 3.3, Setting Up a Named User Account for Yourself). If you have not added any users, you have u-level and all other levels of authorization by default.
where the username is up to eight characters long, begins with an alphabetic character, and contains at least one lowercase alphabetic character. Apart from this, the name can contain alphabetic and numeric characters, and/or period (.), underscore (_), and hyphen (-) characters in any combination.
Note - You must have User Administration (u-level) authorization to set a password for a user (see Section 3.3, Setting Up a Named User Account for Yourself).
where the username is the name of a user account that has already been set up.
The rules for specifying passwords (referred to in Section 3.4, Changing Your Own User Password) do not apply when you are using this command. A password can be an empty string, or a string of up to eight characters in length. If you specify an empty string (by typing [ENTER] when prompted to specify the user's password), then when that user logs in he or she will not be prompted for a password. Instead the sc> prompt will appear as soon as the user's name has been entered.
Note - You must have User Administration (u-level) authorization to view the details of an SC user account (see Section 3.3, Setting Up a Named User Account for Yourself).
where the username is the name of an existing SC user account, or type the usershow command on its own to see a list of the user accounts that have been created and to see the user permissions of each one:
    sc> usershow
    User name   Permissions   Password?
    ---------   -----------   ---------
    psmith      aucr          Assigned
    awetherby   --cr          None
    sperkins    ---r          Assigned
    sc>
For information about the meanings of the letters indicating the different permission levels, see Section 3.3, Setting Up a Named User Account for Yourself.
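The following Python script is an added example, not part of the original guide or of the SC software. It audits a saved copy of usershow output and flags accounts with no password, accounts holding u-level authorization, and accounts that still hold all four permissions. The function names and the idea of capturing the session text to a string are assumptions; the sample rows are the ones shown in the usershow listing in this section.

```python
# Added example: review captured `usershow` output for risky SC accounts.
# SAMPLE reproduces the listing shown in this section of the guide.
SAMPLE = """\
sc> usershow
User name   Permissions   Password?
---------   -----------   ---------
psmith      aucr          Assigned
awetherby   --cr          None
sperkins    ---r          Assigned
sc>
"""

def parse_usershow(text):
    """Return [(username, permissions, password_status), ...] from the table."""
    rows, in_table = [], False
    for line in text.splitlines():
        fields = line.split()
        if fields and set(fields[0]) == {"-"}:  # dashed rule under the header
            in_table = True
            continue
        if not in_table:
            continue
        if len(fields) != 3:                    # prompt or blank line ends the table
            break
        rows.append(tuple(fields))
    return rows

def audit(rows):
    """Return {username: [findings]} for accounts that deserve a second look."""
    findings = {}
    for name, perms, pw in rows:
        notes = []
        if pw.lower() == "none":
            # Per the guide, such a user reaches sc> without a password prompt.
            notes.append("no password assigned")
        if "u" in perms:
            # u-level can add/delete users, set passwords and change permissions.
            notes.append("holds u-level (User Administration) authorization")
        if "-" not in perms:
            notes.append("holds all four permissions (the default for new users)")
        if notes:
            findings[name] = notes
    return findings

if __name__ == "__main__":
    for name, notes in audit(parse_usershow(SAMPLE)).items():
        print(f"{name}: " + "; ".join(notes))
```
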
Note - You must have User Administration (u-level) authorization to delete a user account (see Section 3.5, Setting up Named User Accounts for Other People). Note that if you delete a user account, there is no way to recover it afterwards.
where the username is the name of an existing SC user account.
Note - You must have User Administration (u-level) authorization to specify or to alter permission levels for a user account.
By default, all four levels of permission are available to each named user you set up.
To limit users to a particular level of permission, type:
To see a list of users currently logged into the SC, type:
In the above example, "system" under the heading "console" indicates that user sperkins currently has write access to a server blade console (the particular blade is not indicated).
Note that only one user at a time can have write access to a given server blade console; other users can have read-only access to the same console (in other words they can view all activity on the console, but they cannot intervene by executing commands).
Copyright © 2004, Sun Microsystems, Inc. All rights reserved.