User Privilege Levels and Passwords Without Data Storage Security
User and Superuser Modes
There are two modes available in the ACLI: User mode and Superuser mode. User mode provides only limited system access and allows no system configuration. It simply enables you to view configuration files, logs, and all show commands. Superuser mode provides more complete system access and it allows you to configure your Oracle Communications Session Border Controller.
When you log in to an SBC from the console you are initially in User mode. To indicate this, the system uses a > as the final character of the ACLI prompt. To enter Superuser mode, you type enable followed by Enter at the ACLI prompt. The system prompts you to enter the Superuser password. After you enter the correct password, the prompt changes to a # to indicate Superuser mode.
User Access Verification
Password:
ORACLE> enable
Password:
ORACLE#
To exit to User mode from Superuser mode, type exit at the top-level ACLI prompt.
ORACLE# exit
ORACLE>
All local accounts in the user class have > as the final character in the prompt, while all local accounts in the admin class have # as the final character in the prompt.
Setting Passwords
The Oracle Communications Session Border Controller forces you to set a new password when you first log in. However, you may also change the password with the secret command.
To set new ACLI passwords:
SSH RADIUS Authentication VSA Support
The SBC supports the use of the Cisco Systems Inc.™ Cisco-AVPair vendor specific attribute (VSA). This attribute allows for successful administrator login to servers that do not support the Oracle authorization VSA. While using RADIUS-based authentication, the SBC authorizes you to enter Superuser mode locally even when your RADIUS server does not return the lowercase ACME_USER_CLASS VSA (admin or user) or the Cisco-AVPair VSA.
For this VSA, the Vendor-ID is 1 and the Vendor-Type is 9. The list below shows the values this attribute can return, and the result of each:
- shell:priv-lvl=15—User automatically logged in as an administrator
- shell:priv-lvl=1—User logged in at the user level, and not allowed to become an administrator
- Any other value—User rejected
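The following audit sketch is an added example, not Oracle code: it reads RADIUS account definitions and reports the access level each account would receive under the Cisco-AVPair rules listed above, including accounts that return no VSA at all. The sample accounts, the simplified FreeRADIUS-style users-file layout, the outcome labels, and the handling of conflicting values are assumptions; the Oracle ACME_USER_CLASS VSA is not evaluated.

```python
import re

# Constructed sample in simplified FreeRADIUS "users" file style (not from the page).
SAMPLE_USERS = '''\
alice  Cleartext-Password := "placeholder"
       Cisco-AVPair = "shell:priv-lvl=15"
bob    Cleartext-Password := "placeholder"
       Cisco-AVPair = "shell:priv-lvl=1"
carol  Cleartext-Password := "placeholder"
       Cisco-AVPair = "shell:priv-lvl=7"
dave   Cleartext-Password := "placeholder"
       Service-Type = Login-User
'''

# Matches reply items such as: Cisco-AVPair = "..." or Cisco-AVPair += "..."
AVPAIR_RE = re.compile(r'Cisco-AVPair\s*\+?:?=\s*"([^"]*)"')

# Outcome for each Cisco-AVPair value, as listed on the page.
OUTCOMES = {"shell:priv-lvl=15": "admin", "shell:priv-lvl=1": "user"}

def classify(avpairs):
    """Map the Cisco-AVPair values returned for one account to an outcome label."""
    if not avpairs:
        # Page: with no VSA returned, Superuser mode can still be entered locally.
        return "no-vsa-local-enable"
    results = {OUTCOMES.get(value, "rejected") for value in avpairs}
    # Assumption: conflicting values for one account are reported as rejected.
    return results.pop() if len(results) == 1 else "rejected"

def audit(users_text):
    """Return {username: outcome} for a simplified users-file text."""
    pairs, current = {}, None
    for line in users_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # skip blank lines and comments
        if not line[0].isspace():         # a new entry starts in column 0
            current = line.split()[0]
            pairs[current] = []
        if current is not None:
            pairs[current].extend(AVPAIR_RE.findall(line))
    return {user: classify(values) for user, values in pairs.items()}

if __name__ == "__main__":
    for user, outcome in audit(SAMPLE_USERS).items():
        print(f"{user:8} {outcome}")
```

Accounts reported as no-vsa-local-enable are the ones to review, since their access to Superuser mode depends only on the local Superuser password.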
Expanded Privileges
Commands available to the User level user now include:
- All show commands
- All display commands
- All monitor commands
See the Oracle Communications Session Border Controller ACLI Reference Guide Command Summary Chapter for a list of privileges for each ACLI command.
User Sessions
The Oracle Communications Session Border Controller provides a way to manually terminate an existing user session on your system. Sessions are terminated by issuing the kill command to a specifically chosen session. You first identify the session you wish to kill and then issue the command.