Trusted Builds - Cisco ASR 5000 Administration Manual

Trusted Builds

• Management Subscribers: A management user is an authorized user who can monitor, control, and
Important
Trusted Builds
A Trusted build is a starfile image from which non-secure or low security features have been deleted or
disabled. However, the binaries in the Trusted starfile image are are identical to those found in other starfiles
for a particular StarOS release-build number. In general, a Trusted build is more restrictive than a Normal
build image.
You can identify whether your platform is running a Trusted build via the Exec mode show version command.
The output of the command displays the word "Trusted" as part of the image description text.
The following non-secure programs and features are disabled/removed from a Trusted build:
• Telnet
• FTP (File Transfer Protocol)
• Local user database access
• tcpdump utility
• rlogin (Remote Login) utility and rlogind (Remote Login daemon)
• rsh (Remote Shell) and rcp (Remote Copy) utilities
How the System Selects Contexts
This section describes the process that determines which context to use for context-level administrative users
or subscriber sessions. Understanding this process allows you to better plan your configuration in terms of
how many contexts and interfaces you need to configure.
ASR 5000 System Administration Guide, StarOS Release 21.1
6
named default which is created automatically by the system for each system context. When configuring
local profile attributes, the changes are made on a subscriber-by-subscriber basis.
Attributes configured for local subscribers take precedence over context-level parameters.
Important
However, they could be over-ridden by attributes returned from a RADIUS AAA server.
configure the system through the CLI or Web Element Manager application. Management is performed
either locally, through the system Console port, or remotely through the use of the Telnet or secure shell
(SSH) protocols. Management users are typically configured as a local subscriber within the Local
context, which is used exclusively for system management and administration. As with a local subscriber,
a management subscriber's user profile is configured within the context where the subscriber was created
(in this case, the Local context). However, management subscribers may also be authenticated remotely
via RADIUS, if an AAA configuration exists within the local context, or TACACS+.
In release 20.0 and higher Trusted StarOS builds, Telnet is not supported.
System Operation and Configuration