Brocade Communications Systems Brocade ICX 6650 6650 Manual De Usuario
24
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
TACACS and TACACS+ security
Changing a local user password
To change a local user password for an existing local user account, enter a command such as the
following at the global CONFIG level of the CLI.
following at the global CONFIG level of the CLI.
NOTE
You must be logged on with Super User access (privilege level 0) to change user passwords.
You must be logged on with Super User access (privilege level 0) to change user passwords.
Brocade(config)# username wonka password willy
If password masking is enabled, enter the username, press the [Enter] key, then enter the
password.
password.
Brocade(config)# username wonka password
Enter Password: willy
Enter Password: willy
The above commands change wonka's user name password to “willy”.
Syntax: [no] username user-string password password-string
Enter up to 48 characters for user-string.
The password-string parameter is the user password. The password can be up to 48 characters
and must differ from the current password and two previously configured passwords.
and must differ from the current password and two previously configured passwords.
When a password is changed, a message such as the following is sent to the Syslog.
SYSLOG: <14>Jan 1 00:00:00 10.44.9.11 Security: Password has been changed for user
tester from console session.
tester from console session.
The message includes the name of the user whose password was changed and during which
session type, such as Console, Telnet, SSH, SNMP, or others, the password was changed.
session type, such as Console, Telnet, SSH, SNMP, or others, the password was changed.
TACACS and TACACS+ security
You can use the security protocol Terminal Access Controller Access Control System (TACACS) or
TACACS+ to authenticate the following kinds of access to the Brocade device:
TACACS+ to authenticate the following kinds of access to the Brocade device:
•
Telnet access
•
SSH access
•
Console access
•
Access to the Privileged EXEC level and CONFIG levels of the CLI
The TACACS and TACACS+ protocols define how authentication, authorization, and accounting
information is sent between a Brocade device and an authentication database on a
TACACS/TACACS+ server. TACACS/TACACS+ services are maintained in a database, typically on a
UNIX workstation or PC with a TACACS/TACACS+ server running.
information is sent between a Brocade device and an authentication database on a
TACACS/TACACS+ server. TACACS/TACACS+ services are maintained in a database, typically on a
UNIX workstation or PC with a TACACS/TACACS+ server running.
How TACACS+ differs from TACACS
TACACS is a simple UDP-based access control protocol originally developed by BBN for MILNET.
TACACS+ is an enhancement to TACACS and uses TCP to ensure reliable delivery.
TACACS+ is an enhancement to TACACS and uses TCP to ensure reliable delivery.