Brocade Communications Systems 53-1001763-02 User Manual

Fabric OS Administrator’s Guide
53-1001763-02
The authentication model using RADIUS and LDAP
5
You can set a user password expiration date and add a warning for RADIUS login. The password
expiry date must be specified in UTC and in MM/DD/YYYY format. The password warning specifies
how many days before the password expires the user is notified of the upcoming expiration.
Specify either both attributes or neither. If you specify only one attribute, or if there is a
syntax error in the attributes, the password expiration warning is not issued. If your RADIUS
server maintains its own password expiration attributes, you must set the exact date twice to use
this feature: once on your RADIUS server and once in the VSA attribute. If the dates do not match,
the RADIUS server authentication fails.
The syntax used for assigning VSA-based account switch roles on a RADIUS server is described in 
Fabric OS users on the RADIUS server
All existing Fabric OS mechanisms for managing local switch user accounts and passwords remain 
functional when the switch is configured to use RADIUS. Changes made to the local switch 
database do not propagate to the RADIUS server, nor do the changes affect any account on the 
RADIUS server.
TABLE 16 Syntax for VSA-based account roles

| Item | Value | Description |
|---|---|---|
| Type | 26 | 1 octet |
| Length | 7 or higher | 1 octet, calculated by the server |
| Vendor ID | 1588 | 4 octet, Brocade SMI Private Enterprise Code |
| Vendor type | 1 | 1 octet, Brocade-Auth-Role; valid attributes for the Brocade-Auth-Role are: Admin, BasicSwitchAdmin, FabricAdmin, Operator, SecurityAdmin, SwitchAdmin, User, ZoneAdmin |
| | 2 | Optional: Specifies the Admin Domain or Virtual Fabric member list. For more information on Admin Domains or Virtual Fabrics, see |
| | | Brocade-AVPairs1 |
| | 3 | Brocade-AVPairs2 |
| | 4 | Brocade-AVPairs3 |
| | 5 | Brocade-AVPairs4 |
| | 6 | Brocade Password ExpiryDate |
| | 7 | Brocade Password ExpiryWarning |
| Vendor length | 2 or higher | 1 octet, calculated by server, including vendor-type and vendor-length |
| Attribute-specific data | ASCII string | Multiple octet, maximum 253, indicating the name of the assigned role and other supported attribute values such as Admin Domain member list. |
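The following added example (not part of the Brocade guide) encodes and decodes one vendor-specific attribute using the Table 16 layout, then checks an account's attribute set against the "both or none" rule for the password expiry attributes before it is deployed on a RADIUS server. The function names are hypothetical, the sample values are constructed, and the warning value is assumed to be a decimal string giving a number of days.

```python
import struct
from datetime import datetime

VENDOR_ID = 1588  # Brocade SMI Private Enterprise Code (Table 16)
ROLE, EXPIRY_DATE, EXPIRY_WARNING = 1, 6, 7  # vendor types from Table 16
ROLES = {"Admin", "BasicSwitchAdmin", "FabricAdmin", "Operator",
         "SecurityAdmin", "SwitchAdmin", "User", "ZoneAdmin"}

def encode_vsa(vendor_type, value):
    """Build one Vendor-Specific attribute (Type 26) laid out as in Table 16."""
    data = value.encode("ascii")
    vendor_len = 2 + len(data)   # vendor-type + vendor-length + data
    length = 6 + vendor_len      # type + length + 4-octet vendor ID + vendor part
    if length > 255:             # Length is a single octet
        raise ValueError("attribute too long")
    return struct.pack("!BBIBB", 26, length, VENDOR_ID, vendor_type, vendor_len) + data

def decode_vsa(buf):
    """Parse one attribute; reject anything that breaks the Table 16 layout."""
    if len(buf) < 8:
        raise ValueError("truncated attribute")
    typ, length, vendor, vtype, vlen = struct.unpack("!BBIBB", buf[:8])
    if typ != 26 or vendor != VENDOR_ID:
        raise ValueError("not a Brocade vendor-specific attribute")
    if length != len(buf) or vlen != length - 6:
        raise ValueError("length fields disagree with the data")
    return vtype, buf[8:].decode("ascii")

def lint_reply(attributes):
    """Return the problems found in a list of encoded VSAs for one account."""
    seen, problems = {}, []
    for raw in attributes:
        vtype, value = decode_vsa(raw)
        seen[vtype] = value
    if ROLE in seen and seen[ROLE] not in ROLES:
        problems.append("unknown role")
    has_date, has_warn = EXPIRY_DATE in seen, EXPIRY_WARNING in seen
    if has_date != has_warn:     # assumption: one without the other is a config error
        problems.append("expiry date and warning must be set together")
    if has_date:
        try:
            datetime.strptime(seen[EXPIRY_DATE], "%m/%d/%Y")
        except ValueError:
            problems.append("expiry date is not MM/DD/YYYY")
    if has_warn and not seen[EXPIRY_WARNING].isdigit():  # assumed: whole days
        problems.append("warning is not a whole number of days")
    return problems
```

Running `lint_reply` over the attributes configured for each account catches a lone expiry attribute or a malformed date, the two cases in which the switch does not issue the expiration warning.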