Remote Authentication Configuration On The Switch - HP StoreFabric SN6500B Administrator's Manual

5
Remote authentication
Configuring the password expiration date
FabricOS lets you configure a password expiration date for each user account and to configure a
warning period for notifying the user that the account password is about to expire. To configure
these values, set the following attributes:
•
•
The following example sets the password expiration date for the fosuser5 account. It also specifies
that a warning be sent to the user 30 days before the password is due to expire.
user = fosuser5 {
}
Configuring a Windows TACACS+ server
FabricOS is compatible with any TACACS+ freeware for Microsoft Windows that uses TACACS+
protocol version v1.78. Refer to the vendor documentation for configuration details.

Remote authentication configuration on the switch

At least one RADIUS, LDAP, or TACACS+ server must be configured before you can enable a remote
authentication service. You can configure the remote authentication service even if it is disabled on
the switch. You can configure up to five RADIUS, LDAP, or TACACS+ servers. You must be logged in
as admin or switchAdmin to configure the RADIUS service.
NOTE
On dual-CP Backbones (Brocade DCX, DCX-4S, DCX 8510-4, and DCX 8510-8 devices), the switch
sends its RADIUS, LDAP, or TACACS+ request using the IP address of the active CP. When adding
clients, add both the active and standby CP IP addresses so that users can still log in to the switch
in the event of a failover.
RADIUS, LDAP, or TACACS+ configuration is chassis-based configuration data. On platforms
containing multiple switch instances, the configuration applies to all instances. The configuration is
persistent across reboots and firmware downloads. On a chassis-based system, the command
must replicate the configuration to the standby CP.
Multiple login sessions can invoke the aaaConfig command simultaneously. The last session that
applies the change is the one whose configuration is in effect. This configuration is persistent after
an HA failover.
The authentication servers are contacted in the order they are listed, starting from the top of the
list and moving to the bottom.
174
brcd-passwd-expiryDate sets the password expiration date in mm/dd/yyyy format.
brcd-passwd-warnPeriod sets the warning period as a number of days.
pap = clear "password"
chap = clear "password"
password = clear "password"
service = shell {
set brcd-role = securityAdmin
set brcd-passwd-expiryDate = 03/21/2014;
set brcd-passwd-warnPeriod = 30;
}
Fabric OS Administrator's Guide
53-1002745-02