Defining Dx Storage Operators; Securing The Administrator And Operator Passwords - Dell DX6000 Administration Manual
Dx object storage administration guide version 5.0
Hide thumbs
Also See for DX6000:
- Hardware owner's manual (198 pages) ,
- Getting started with your system (124 pages) ,
- Application manual (81 pages)
Table of Contents
Advertisement
To create this realm, add user names and passwords as values to the administrators
parameter. To tighten security by encrypting users' passwords, see
Administrator and Operator
An example from /caringo/node.cfg.sample follows:
administrators = {'admin':'ourpwdofchoicehere',
'snmp':'ourpwdofchoicehere'}
In the example, the CAStor administrators realm has two users, admin and snmp. Both users
have the same password, ourpwdofchoicehere.
For security reasons, Dell strongly recommends you change these users' passwords as soon as
possible.
Note
The names admin and snmp are reserved and should not be changed. Changing or
deleting these names results in errors and unpredictable performance. If you do not wish
to use these names, define long, complex passwords for them.
6.2.2. Defining DX Storage Operators
The operators parameter enables you to specify users who have read-only access to the Admin
Console and to SNMP. Because privileges to the Admin Console are not hierarchical, you must add
your administrators users to the operators user list as well.
SNMP uses a single snmp user for all access and validates the community string password from the
administrators and operators list to determine if the user is allowed read-only or read-write access.
The default read-only community password is public).
To enhance security by encrypting users' passwords, see the next section.
6.2.3. Securing the Administrator and Operator Passwords
Instead of a clear text password, you can also represent the password as a hexadecimal-encoded
MD5 hash of the following string:
username:realm-name:password
where username and password must consist only of ASCII characters and realm-name can be
either CAStor administrator or CAStor operator.
To create the MD5 hash, use a programming language or a utility like md5sum or Apache
htdigest. Dell does not recommend a particular utility.
For example, to update your node or cluster configuration file with a password hash you create
using htdigest :
1. Create a hash of the user name, password, and realm.
htdigest -c castor_admins "CAStor administrator" Jim.Jones
2. htdigest prompts you to enter and confirm the user's password.
3. Open castor_admins in a text editor.
Copyright © 2010 Caringo, Inc.
All rights reserved
Passwords".
37
Section 6.2.3, "Securing the
December 2010
Version 5.0
Advertisement
Table of Contents
