Managing administrator accounts
Depending on how you have enabled account access, you may need to associate a public key with a local account, install a CA-signed server digital certificate, or configure AD, LDAP, or NIS access. You can perform all of these tasks before or after enabling account access.
- Associating a public key with an administrator account
For SSH public key authentication, you must associate the public key with an administrator account before the account can access the SVM. You can use the security login publickey create command to associate a key with an administrator account.
- Generating and installing a CA-signed server certificate
On production systems, it is a best practice to install a CA-signed digital certificate for use in authenticating the cluster or SVM as an SSL server. You can use the security certificate generate-csr command to generate a certificate signing request (CSR), and the security certificate install command to install the certificate you receive back from the certificate authority.
- Configuring Active Directory domain controller access
You must configure AD domain controller access to the cluster or SVM before an AD account can access the SVM. If you have already configured a CIFS server for a data SVM, you can configure the SVM as a gateway, or tunnel, for AD access to the cluster. If you have not configured a CIFS server, you can create a computer account for the SVM on the AD domain.
- Configuring LDAP or NIS server access
You must configure LDAP or NIS server access to an SVM before LDAP or NIS accounts can access the SVM. The switch feature lets you use LDAP or NIS as alternative name service sources.
- Changing an administrator password
You should change your initial password immediately after logging into the system for the first time. If you are an SVM administrator, you can use the security login password command to change your own password. If you are a cluster administrator, you can use the security login password command to change any administrator's password.
- Locking and unlocking an administrator account
You can use the security login lock command to lock an administrator account, and the security login unlock command to unlock the account.
- Managing failed login attempts
Repeated failed login attempts sometimes indicate that an intruder is attempting to access the storage system. You can take a number of steps to ensure that an intrusion does not take place.
- Enforcing SHA-2 on administrator account passwords
MD5 is less secure than SHA-2. By default, account passwords are hashed with the SHA-512 hash function.