12 Command Line Interface Configuration; Anonymous Access; Local Access; Ip Restricted Logins - HP Integrity rx2800 - i2 User Manual

12 Command Line Interface Configuration

Command Line Interface Configuration
The Command Line Interface (CLI) provides users with administrative rights access to set these values through
the command line. You can use the CLI to modify configuration options, including the required security checks
that allow the configuration options to be changed.
NOTE: --kerberos, --user-kerberos, --operator-kerberos, --admin-kerberos, --max-threads and
--win32-disable-acceptex options are only available on Windows operating systems.
NOTE: Long options, starting with "--", have an optional symbol "=" before the argument.
Some CLI options require special arguments listed as words in capital letters in the option summary of the
command. Descriptions of the format of these arguments are in the following table:
Table 12-1 CLI arguments
Argument type
DIR
FILE
GROUPLIST
IPBINDLIST
IPLIST
NUM
NAMELIST
XENAMELIST

Anonymous Access

Anonymous access allows anonymous users to access unsecured pages, including local anonymous access.
The following command enables or disables the anonymous access setting:
smhconfig -a|--anonymous-access [=] True | False

Local Access

The local access command sets the local access privilege to anonymous or administrator, applying the
specified access to the local system. If local access is selected, a user with access to the local console is
granted anonymous or administrator access without being challenged for a username and password.
The following command enables or disables local access:
smhconfig -L|--localaccess-enabled [=] True | False
The following command configures the local user privileges:
smhconfig -l|--local-access [=] administrator | anonymous

IP Restricted Logins

IP addresses can be explicitly permitted or restricted based on user type. If an IP address is explicitly restricted,
it is restricted even if it is explicitly permitted. If there are IP addresses in the permitted list, only those IP
addresses are allowed login access. If there are no IP addresses in the permitted list, login access is granted
to any IP address not in the restricted list.
The following command enables or disables IP restricted login:
smhconfig -P|--ip-restricted-login [=] True | False
IP Address Inclusion
A path to a directory where the HP SMH service has write access.
A path to a file.
A list of group names separated by semicolons.
A list of IPv6 addresses and/or IPv4 address/netmask pairs separated by semicolons.
A list of IP addresses separated by semicolons.
A numeric value with a range that depends on the option being set.
A list of host names and IP addresses separated by semicolons.
A list of trusted server host names.
Perform the IP address permitted command as follows:
Description
Command Line Interface Configuration 71