Login
In this chapter, you can find all the available commands to customize login-related features, such as users, roles or the different mechanisms available to log in, like tacacs or radius.
Users and roles
OSDx allows the creation of new users with different levels of privileges. These different levels are called roles, and there are some predefined ones that cover the most common cases:
| Role | Level | Actions allowed |
|------|-------|-----------------|
| monitor | 0 | Run some basic operational commands (e.g., show tree). |
| operator | 5 | Run almost all operational commands. |
| admin | 15 | Run all commands and access the configuration menu. |
The level attribute sets the privilege level of a role. The higher it is, the more privileges a role grants. The maximum level is 15 and it is reserved for the admin role.
The admin user is configured by default in OSDx and assigned to the admin role. There must always be at least one user configured with the admin role. Therefore, if the default admin user is deleted, a new one has to be created and assigned to the admin role. Otherwise, the commit process will return a validation error.
Warning
Please remember the importance of choosing a strong password, especially for those users that are assigned to the admin role.
Apart from the aforementioned roles, new ones can be created by issuing the following command: system login role <txt> level <u32>.
There can only be one role for a given level; therefore, levels 0, 5 and 15, which are already used by the predefined roles, are forbidden.
Users can only be assigned to a single role, and whenever that configuration changes, affected sessions are automatically closed to prevent security issues.
The parameters attribute holds the system login settings. It includes:
idle-timeout
max-auth-tries
max-sessions
password-prompt-delay
unlock-time
user-min-length: the minimum length of the user name, 1 by default.
no-reuse-passwords: configures a history of passwords so that they cannot be repeated when changing the current password. When it is configured, a record is created for each user to store previously used passwords. When a user is deleted, their record is removed too, and when the parameter is deleted, all records are removed. This parameter includes:
  * max-age: sets the maximum number of days passwords should be stored.
  * max-passwords: sets the maximum number of passwords to store, 100 by default.
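The no-reuse-passwords behaviour described above, modelled as an added Python example (not OSDx code): it shows how max-age and max-passwords jointly decide which old passwords are still refused. The class and method names are hypothetical, and storing entries as salted PBKDF2 hashes is an assumption, since the page does not say how OSDx keeps the records.

```python
import hashlib
import hmac
import os

DAY = 86400  # seconds in a day


class PasswordHistory:
    """Model of no-reuse-passwords: one record of used passwords per user."""

    def __init__(self, max_passwords=100, max_age_days=None):
        if max_passwords < 1:
            raise ValueError("max_passwords must be at least 1")
        self.max_passwords = max_passwords  # 100 by default, as on the page
        self.max_age_days = max_age_days    # None = no age limit (assumption)
        self.records = {}                   # user -> [(timestamp, salt, digest)]

    @staticmethod
    def _digest(password, salt):
        # Assumption: entries are salted PBKDF2 hashes, never plaintext.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _prune(self, user, now):
        # Drop entries older than max-age, then keep the newest max-passwords.
        entries = self.records.get(user, [])
        if self.max_age_days is not None:
            cutoff = now - self.max_age_days * DAY
            entries = [e for e in entries if e[0] >= cutoff]
        self.records[user] = entries[-self.max_passwords:]

    def is_reused(self, user, candidate, now):
        self._prune(user, now)
        # Every entry has its own salt, so the candidate is re-hashed per entry.
        return any(hmac.compare_digest(self._digest(candidate, salt), digest)
                   for _, salt, digest in self.records[user])

    def change_password(self, user, new_password, now):
        """Record new_password and return True unless it is still in the history."""
        if self.is_reused(user, new_password, now):
            return False
        salt = os.urandom(16)
        self.records[user].append((now, salt, self._digest(new_password, salt)))
        self._prune(user, now)
        return True

    def delete_user(self, user):
        self.records.pop(user, None)  # the record is removed with the user

    def disable(self):
        self.records.clear()          # parameter deleted: all records removed
```

A small max-passwords or a short max-age shrinks the window in which an old password is refused, so the two values should be chosen together with the password rotation period.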
Here, you will find more information about user-levels.