Fujitsu M4000, M5000, M8000, M9000 Privileges, XSCF Passwords

Note – You cannot use the following user account names, as they are reserved for system use: root, bin, daemon, adm, operator, nobody, sshd, rpc, rpcuser, ldap, apache, ntp, admin, and default.

XSCF supports multiple user accounts for log in to the Service Processor. The user accounts are assigned privileges; each privilege allows the user to execute certain XSCF commands. By specifying privileges for each user, you can control which operations each XSCF user is allowed to perform. On its own, a user account has no privileges. To obtain permission to run XSCF commands and access system components, a user must have privileges.

You can set up the Service Processor to use an LDAP server for authentication instead. To use LDAP, the Service Processor must be set up as an LDAP client. For information about setting up the Service Processor to use the LDAP service, refer to “LDAP Service” on page 21. If you are using an LDAP server for authentication, the user name must not be in use, either locally or in LDAP.

User passwords are authenticated locally by default unless you are using an LDAP server for authentication.

Site-wide policies, such as password nomenclature or expiration dates, make passwords more difficult to guess. You can configure a password policy for the system using the setpasswordpolicy command. The setpasswordpolicy command describes the default values for a password policy.

If you have lost password access to your system, use the procedure “To Log in Initially to the XSCF Console” on page 12.

Privileges allow a user to perform a specific set of actions on a specific set of components. Those components can be physical components, domains, or physical components within a domain.