No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 9000 V300R006C00 Security Maintenance 07

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Account Details

Account Details

This section describes information about all accounts used in the OceanStor 9000.

Operating System Account root

Default password: Root@storage

Description: Log in to the operating system as user root for system maintenance.

Password change method:

  • Log in to DeviceManager as super administrator, choose Settings > Cluster Settings > Cluster Node Settings, select the nodes whose passwords you want to change, and click Change Password of User Root.
  • CLI command method:
    1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
    2. Run cli_start -u admin to log in to the CLI.
    3. Run change system root_password, set the password as prompted.

Password rule:

A password must be 8 to 16 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards.

NOTE:
Modify the file /etc/pam.d/common-password may lead to disable the password complexity policy. This operation has security risks, so you are advised not to perform this operation.

How to delete/deactivate:

This account is an administrator account and cannot be deleted.

Lock account policy:

The account will be locked if entering the wrong password three times. After being locked for five minutes, the account will be unlocked automatically.

Manually unlock the account as follows:

  1. Locally log in to the node as root.
    • P12E/P25E/P36E/C36E: Use the KVM to log in to the node.
    • P12/P25/P36/C36: Use the KVM to log in to the node.
    • C72: Use the system serial port on controller enclosure to log in to the node.

      The baud rate is 115200. There are 8 data bits and 1 stop bit. Parity check and data flow control are not implemented.

  2. Run pam_tally2 --user root --reset.

Operating System Account omuser

Default password: Omuser@storage

Description: Use SSH to remotely log in to the system as user omuser for routine maintenance.

Password change method:

  • Log in to DeviceManager as user admin.
    1. Choose Settings > Permission Settings > User Management, select omuser, and click Modify.
    2. Click Initialize password, input the super administrator password, new password, and confirm password.
  • Log in to DeviceManager as user omuser.
    1. Choose Settings > Permission Settings > User Management, select omuser, and click Modify.
    2. Input the old password and set the new password.
  • Log in to CLI with admin:
    1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
    2. Run cli_start -u admin to log in to the CLI.
    3. Run show system user general to query the ID of user omuser.
    4. Run change system user initial_password id. Enter the password of the super administrator and a new password, and enter the new password again.

      id is the ID of user omuser.

  • Log in to CLI with omuser:
    1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
    2. Run cli_start -u omuser to log in to the CLI.
    3. Run change system user password to enter the old password and new password as prompted.
NOTE:

If the SystemReporter is used, every time after you change the password, you must log in to SystemReporter to update the registered password of the OceanStor 9000 immediately. Otherwise, the latest report data is unavailable.

If the SmartKit is used, every time after you change the password, you must log in to SmartKit to update the password of added device.

Changing the password of operating system account omuser, the DeviceManager and CLI account omuser and SES account administrator's password will change automatically.
  • When the password of operating system account omuser is expired, multiple methods can be used to change it. You are advised to change the password using DeviceManager or CLI rather than using SSH. Otherwise, the changed password will not be synchronized to account omuser of DeviceManager and CLI and the account of the SES serial port.
  • If you have changed the password using SSH, change the password again by using DeviceManager or CLI, enabling the changed password to be synchronized to other accounts.

The validity period of the password of omuser is 90 days. Change the password periodically.

Password rule:

By default, a password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards, and cannot be the same as the passwords used last five times. Each character must not occur more than three times consecutively in a password.
NOTE:
To set the minimum length, maximum length, character type, the maximum number of times that a character can occur consecutively in a password, and the number of historical passwords, choose Settings > Permission Settings > Security Policies.

How to delete/deactivate:

NOTE:
If the account is deleted, you cannot log in to the system using SSH or inspect the system correctly. Do not perform this operation.

You can log in to the Linux operating system and run the userdel command to delete the account.

Lock account policy:

The account will be locked if entering the wrong password three times. After being locked for five minutes, the account will be unlocked automatically.

Manually unlock the account as follows:

  1. Locally log in to the node as root.
    • P12E/P25E/P36E/C36E: Use the KVM to log in to the node.
    • P12/P25/P36/C36: Use the KVM to log in to the node.
    • C72: Use the system serial port on controller enclosure to log in to the node.

      The baud rate is 115200. There are 8 data bits and 1 stop bit. Parity check and data flow control are not implemented.

  2. Run pam_tally2 --user omuser --reset.

Operating System Account obsbilling

Default password: OBSCharging8800!

Description: Billing account of the object storage service, used to communicate with the billing center.

Password change method:
NOTE:

The password can be modified through the DeviceManager only when object storage service (Amazon S3 interface compatible) is deployed, but it can be modified through the CLI when the distributed file system service, object storage service (Amazon S3 interface compatible) and object storage service (compatible with openstack swift interface) is deployed.

  • Log in to DeviceManager as user admin.
    1. Choose Settings > Storage Settings > Object Storage Service > Billing Service Settings.
    2. Click Initialize Password to enter the new password and confirm password.
  • Log in to DeviceManager as an administrator or resource administrator.
    1. Choose Settings > Storage Settings > Object Storage Service > Billing Service Settings.
    2. Click Modify to enter the old password, new password and confirm password.
  • CLI method:
    1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser, administrator or resource administrator.
    2. Run cli_start -u admin to log in to the CLI.
    3. Run command to change the password.
      • Run change object_storage_compatible_s3_billing initial_password, and enter the super administrator's password, new password and confirm password.
      • Run change object_storage_compatible_s3_billing password, and enter the old password, new password and confirm password.
NOTE:
  • The validity period of the password of obsbilling is 30 days. Change the password periodically.
  • If you forget the password of obsbilling account, you can reset it by using the DeviceManager super administrator account.

Password rule:

By default, a password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards, and cannot be the same as the passwords used last five times. Each character must not occur more than three times consecutively in a password.
NOTE:
To set the minimum length, maximum length, character type, the maximum number of times that a character can occur consecutively in a password, and the number of historical passwords, choose Settings > Permission Settings > Security Policies.

How to delete/deactivate:

NOTE:
If the account is deleted, you cannot connect to the account server. Do not perform this operation.

You can log in to the Linux operating system and run the userdel command to delete the account.

Lock account policy:

The account will be locked if entering the wrong password more than three times. After being locked for five minutes, the account will be unlocked automatically.

Manually unlock the account as follows:

  1. Locally log in to the node as root.
    • P12E/P25E/P36E/C36E: Use the KVM to log in to the node.
    • P12/P25/P36/C36: Use the KVM to log in to the node.
    • C72: Use the system serial port on controller enclosure to log in to the node.

      The baud rate is 115200. There are 8 data bits and 1 stop bit. Parity check and data flow control are not implemented.

  2. Run pam_tally2 --user obsbilling --reset.

Toolkit Account admin

Default password: Admin@storage

Description: Use the default account to log in to the system and implement deployment. After the deployment is complete, log in to the system as the super administrator to expand and upgrade the system.

NOTE:

After the deployment is complete, this account is the same as DeviceManager and CLI account admin. After changing the password, you need to log in to Toolkit, DeviceManager, and CLI with the new password.

After the deployment is complete, the Toolkit service is closed.

Password change method:

After logging in to the system, click Change Password in the upper right corner of the main window.

NOTE:

This method is applicable to the deployment phase only. After the deployment is complete, the method of changing the password is the same as that on the DeviceManager and CLI.

The password changed by this method takes effect only during deployment phase. After the deployment is complete, the password will be reset to Admin@storage.

Password rule:

  • Before the deployment is complete: A password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards. It cannot be the same as the current password.
  • After the deployment is complete: A password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards, and cannot be the same as the passwords used last five times. Each character must not occur more than three times consecutively in a password.
    NOTE:
    To set the minimum length, maximum length, character type, the maximum number of times that a character can occur consecutively in a password, and the number of historical passwords, choose Settings > Permission Settings > Security Policies.

How to delete/deactivate:

This account is a default account and cannot be deleted.

Lock account policy:

  • Before the deployment is complete: the account will be locked if entering the wrong password three times. After being locked for 30 minutes, the account will be unlocked automatically. Manually unlocking the account is not available.
  • After the deployment is complete: by default, the account will be locked if entering the wrong password more than three times. After being locked for 15 minutes, the account will be unlocked automatically. Manually unlocking the account is not available.

    The wrong password times and auto unlock time can be configured through logging in to DeviceManager and choose Settings > Permission Settings > Security Policies.

DeviceManager and CLI Account admin

Default password: Admin@storage

Description: Log in to DeviceManager or CLI using the admin account to manage OceanStor 9000.

NOTE:
Account admin of DeviceManager and CLI is the same. After changing the password, you need to log in to DeviceManager and CLI with the new password.

Password change method:

  • After logging in to DeviceManager, choose Settings > Permission Settings > User Management, select admin, and click Modify.
  • CLI command method:
    1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
    2. Run cli_start -u admin to log in to the CLI.
    3. Run change system user password to enter the old password and new password as prompted.

Password rule:

By default, a password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards, and cannot be the same as the passwords used last five times. Each character must not occur more than three times consecutively in a password.
NOTE:
To set the minimum length, maximum length, character type, the maximum number of times that a character can occur consecutively in a password, and the number of historical passwords, choose Settings > Permission Settings > Security Policies.

How to delete/deactivate:

This account is an administrator account and cannot be deleted.

Lock account policy:

By default, the account will be locked if entering the wrong password more than three times. After being locked for 15 minutes, the account will be unlocked automatically. Manually unlocking the account is not available.

The wrong password times and auto unlock time can be configured through logging in to DeviceManager and choose Settings > Permission Settings > Security Policies.

DeviceManager and CLI Account omuser

Default password: Omuser@storage

Description: Log in to DeviceManager or CLI using the omuser account to manage OceanStor 9000.

NOTE:

Account omuser of DeviceManager and CLI is the same. Changing the password of omuser through DeviceManager or CLI method will change the operating system account omuser's password automatically.

Password change method:

  • Log in to DeviceManager as user admin.
    1. Choose Settings > Permission Settings > User Management, select omuser, and click Modify.
    2. Click Initialize password, input the super administrator password, new password, and confirm password.
  • Log in to DeviceManager as user omuser.
    1. Choose Settings > Permission Settings > User Management, select omuser, and click Modify.
    2. Input the old password and set the new password.
  • Log in to CLI with admin:
    1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
    2. Run cli_start -u admin to log in to the CLI.
    3. Run show system user general to query the ID of user omuser.
    4. Run change system user initial_password id. Enter the password of the super administrator and a new password, and enter the new password again.

      id is the ID of user omuser.

  • Log in to CLI with omuser:
    1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
    2. Run cli_start -u omuser to log in to the CLI.
    3. Run change system user password to enter the old password and new password as prompted.
NOTE:

If the SystemReporter is used, every time after you change the password, you must log in to SystemReporter to update the registered password of the OceanStor 9000 immediately. Otherwise, the latest report data is unavailable.

Every time after you change the password, you must log in to Toolkit to update the password of added device.

Password rule:

By default, a password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards, and cannot be the same as the passwords used last five times. Each character must not occur more than three times consecutively in a password.
NOTE:
To set the minimum length, maximum length, character type, the maximum number of times that a character can occur consecutively in a password, and the number of historical passwords, choose Settings > Permission Settings > Security Policies.

How to delete/deactivate:

This account is a default account and cannot be deleted.

Lock account policy:

By default, the account will be locked if entering the wrong password more than three times. After being locked for 15 minutes, the account will be unlocked automatically.

The wrong password times and auto unlock time can be configured through logging in to DeviceManager and choose Settings > Permission Settings > Security Policies.

To manually unlock the account, log in to DeviceManager or CLI as user admin to unlock the account.

DeviceManager and CLI Account securityAdmin

NOTE:
This account exists only when data encryption is enabled during system deployment.

Default password: securityAdmin@storage

Description: Data encryption administrator that can manage key files, including regenerating, backing up, and recovering key files.

Password change method:

  • Log in to DeviceManager with securityAdmin, choose Settings > Permission Settings > User Management, select securityAdmin, and click Modify.
  • CLI command method:
    1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
    2. Run cli_start -u securityAdmin to log in to the CLI.
    3. Run change system user password to enter a password as prompted.

Password rule:

By default, a password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards, and cannot be the same as the passwords used last five times. Each character must not occur more than three times consecutively in a password.
NOTE:
To set the minimum length, maximum length, character type, the maximum number of times that a character can occur consecutively in a password, and the number of historical passwords, choose Settings > Permission Settings > Security Policies.

How to delete/deactivate:

This account is a default account and cannot be deleted.

Lock account policy:

The account will be locked if entering the wrong password more than three times. After being locked for 15 minutes, the account will be unlocked automatically. Manually unlocking the account is not available.

The wrong password times can be configured through logging in to DeviceManager and choose Settings > Permission Settings > Security Policies.

iBMC Account root

Default password: Huawei12#$

Description: Manage and maintain the node device (P12E/P25E/P36E/C36E).

Password change method:

  • On the CLI, use the specific command to change the password of the iBMC user for all nodes.
    1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
    2. Run cli_start -u admin to log in to the CLI.
    3. Run the change system ipmi_password root command, enter the password of user admin, and set a new password for user root of iBMC as prompted.
    NOTE:

    When using the CLI command to set the password of the iBMC user, the "-" symbol can not be used as the first character of the new password.

  • Enter the BIOS and change the password of the iBMC user for a single node.
    1. Press Delete to go to the BIOS interface when the system is starting up.
    2. Enter the BIOS password as prompted.
    3. On the Advanced screen, choose IPMI iBMC Configuration > iBMC Configuration > Reset iBMC User Password.

Password rule:

  • Must contain 8 to 20 characters.
  • Must contain at least one space or one of the following special characters:

    `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

  • Must contain at least two types of the following characters:
    • Letters: a to z
    • Letters: A to Z
    • Digits: 0 to 9
  • Must not be the user name or the user name in reverse order.

How to delete/deactivate:

You can log in to the Linux operating system and run the ipmitool user set name 2 '' command to delete the account.

Lock account policy:

The account will be locked if entering the wrong password more than five times. After being locked for five minutes, the account will be unlocked automatically. Manually unlocking the account is not available.

The wrong password times can be configured through logging in to iBMC webUI and choose Config > Security Enhance.

IPMI Account admin

Default password: Admin@storage

Description: Manage and maintain the node device (P12/P25/P36/C36).

Password change method:

  • On the CLI, use the specific command to change the password of the admin user for all nodes.
    1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
    2. Run cli_start -u admin to log in to the CLI.
    3. Run change system ipmi_password admin to set the password as prompted.
    NOTE:

    When using the CLI command to set the password of the iBMC user, the "-" symbol can not be used as the first character of the new password.

  • BIOS method.
    1. Press ESC to go to the BIOS interface when the system is starting up.
    2. Choose SCU and enter the current password.
    3. On the Advanced screen, choose IPMI BMC Configuration > BMC Configuration > Set BMC password.

Password rule:

A password must be at least 8 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards.

How to delete/deactivate:

This account is an administrator account and cannot be deleted.

Lock account policy:

The account will be locked if entering the wrong password five times. After being locked for five minutes, the account will be unlocked automatically.

BIOS Account

Default password:
  • P12E/P25E/P36E/C36E: Huawei12#$
  • P12/P25/P36/C36: Admin@storage

Description: Basic input/output system on the node device that provides hardware setting and control functions.

Password change method:

NOTE:
  • For a P12E/P25E/P36E/C36E node, do not use F9 to restore the BIOS default settings.
  • For a P12E/P25E/P36E/C36E node, do not enable the NUMA function in the BIOS.
  1. Press ESC to go to the BIOS interface when the system is starting up.
  2. Choose SCU and enter the current password.
  3. On the Security screen, choose Set Supervisor password.

Password rule:

A password must be 8 to 16 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits.

How to delete/deactivate:

Cannot be deleted.

Lock account policy:

The BIOS will be locked if entering the wrong password three times. You can restart the system for reset.

GRUB Account

Default password: Huawei@123#

Description: A manager for starting multiple operating systems.

Password change method:

  1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
  2. Run su - root and enter the password of user root to switch to user root.
  3. Run grub-crypt and enter a new password and then the new password again.

    After the new password is set, a check value of the password is generated.

  4. Record the check value.
  5. Run vi /boot/grub/menu.lst.
  6. Press I to go to the editing mode.
  7. Locate the password --encrypted option and replace the check value of the original password with the recorded one.
  8. Press Esc and enter :wq!.
NOTE:
The new password will take effect at next startup.

Password rule:

The system does not do password complexity verification, but for security purposes, you are advised to set a complex password by following the rule: a password should be at least 8 in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits.

How to delete/deactivate:

Cannot be deleted.

Lock account policy:

Cannot be locked.

SES Serial Port Account administrator

Default password: Omuser@storage

Description: SES serial port account for C72.

Password change method:

  • Log in to DeviceManager as user admin.
    1. Choose Settings > Permission Settings > User Management, select omuser, and click Modify.
    2. Click Initialize password, input the super administrator password, new password, and confirm password.
  • Log in to DeviceManager as user omuser.
    1. Choose Settings > Permission Settings > User Management, select omuser, and click Modify.
    2. Input the old password and set the new password.
  • Log in to CLI with admin:
    1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
    2. Run cli_start -u admin to log in to the CLI.
    3. Run show system user general to query the ID of user omuser.
    4. Run change system user initial_password id. Enter the password of the super administrator and a new password, and enter the new password again.

      id is the ID of user omuser.

  • Log in to CLI with omuser:
    1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
    2. Run cli_start -u omuser to log in to the CLI.
    3. Run change system user password to enter the old password and new password as prompted.
NOTE:

If the SystemReporter is used, every time after you change the password, you must log in to SystemReporter to update the registered password of the OceanStor 9000 immediately. Otherwise, the latest report data is unavailable.

If the SmartKit is used, every time after you change the password, you must log in to SmartKit to update the password of added device.

Changing the password of operating system account omuser, the DeviceManager and CLI account omuser and SES account administrator's password will change automatically.
  • When the password of operating system account omuser is expired, multiple methods can be used to change it. You are advised to change the password using DeviceManager or CLI rather than using SSH. Otherwise, the changed password will not be synchronized to account omuser of DeviceManager and CLI and the account of the SES serial port.
  • If you have changed the password using SSH, change the password again by using DeviceManager or CLI, enabling the changed password to be synchronized to other accounts.

The validity period of the password of omuser is 90 days. Change the password periodically.

Password rule:

By default, a password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards, and cannot be the same as the passwords used last five times. Each character must not occur more than three times consecutively in a password.
NOTE:
To set the minimum length, maximum length, character type, the maximum number of times that a character can occur consecutively in a password, and the number of historical passwords, choose Settings > Permission Settings > Security Policies.

How to delete/deactivate:

This account is an administrator account and cannot be deleted.

Lock account policy:

The account will be locked if entering the wrong password three times. After being locked for five minutes, the account will be unlocked automatically.

Manually unlocking the account is not available.

SFTP Account omsftp

Default password: Omsftp@Storage

Description: SFTP is used to:
  • Export event and quota information from the DeviceManager.
  • Import license file using CLI command.
  • Transfer data between SystemReporter and OceanStor 9000.

Password change method:

  1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
  2. Run cli_start -u admin to log in to the CLI.
  3. Run change sftpuser information ro omsftp to enter a password as prompted.
NOTE:
The validity period of the password of omsftp is 365 days. Change the password periodically.

Password rule:

A password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards.

NOTE:
The minimum length of the password can be configured after logging in to DeviceManager and choose Settings > Permission Settings > Security Policies.

How to delete/deactivate:

NOTE:
If the account is deleted, SFTP-related functions work incorrectly. Do not perform this operation.

You can log in to the Linux operating system and run the userdel command to delete the account.

Lock account policy:

The account will be locked if entering the wrong password three times. After being locked for five minutes, the account will be unlocked automatically.

Manually unlock the account as follows:

  1. Locally log in to the node as root.
    • P12E/P25E/P36E/C36E: Use the KVM to log in to the node.
    • P12/P25/P36/C36: Use the KVM to log in to the node.
    • C72: Use the system serial port on controller enclosure to log in to the node.

      The baud rate is 115200. There are 8 data bits and 1 stop bit. Parity check and data flow control are not implemented.

  2. Run pam_tally2 --user omsftp --reset.

NDMP Service Account ndmp

Default password: Ndmp@storage

Description: Used to authenticate the connection between the backup software and the OceanStor 9000.

Password change method:

  • Log in to DeviceManager as a super administrator.
    1. Choose Settings > Storage Settings > File Storage Service > NDMP Settings.
    2. Click Enable.
    3. Click Modify > Initialize password on the right of Password.
    4. Input the admin user password and enter the new ndmp password in the New Password and Confirm Password text boxes respectively. Click OK.
    5. Click Save.
  • Log in to DeviceManager as an administrator.
    1. Choose Settings > Storage Settings > File Storage Service > NDMP Settings.
    2. Click Enable.
    3. Click Modify on the right of Password.
    4. Enter a new password, the new password again, and the original password in the New Password, Confirm Password, and Old Password text boxes respectively.
    5. Click Save.
  • CLI method:
    1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser, administrator or resource administrator.
    2. Run cli_start -u admin to log in to the CLI.
    3. Run command to change the password.
      • Run change ndmp_service reset_password to reset the password by super administrator.
      • Run change ndmp_service username_password user_name, and enter old password, new password and confirm password.

        user_name is the name of NDMP service, you can query it by running show ndmp_service.

NOTE:
If you forget the password of ndmp account, you can reset it by using the DeviceManager super administrator account.

Password rule:

The new password must be 8 to 31 characters in length, contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards.

How to delete/deactivate:

This account is an administrator account and cannot be deleted.

Lock account policy:

By default, the account will be locked if entering the wrong password five times within one minute. After being locked for one minute, the account will be unlocked automatically.

The wrong password times can be configured through logging in to DeviceManager and choose Provisioning > User Authentication > Local Authentication User > More > Set Security Policies.

Manually unlocking the account is not available.

Replication Channel Authentication _machine_user

Default password: Mm_user@storage

Description: Used to authenticate links between the primary and secondary OceanStor 9000 storage systems in remote replication.

Password change method:

  1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
  2. Run cli_start -u admin to log in to the CLI.
  3. Run change system user initial_password 4294967294 to enter a password as prompted.
NOTE:

The password of the channel authentication account (_machine_user) must be consistent between the local and remote clusters. After changing the account password of one end, modify the account password of the other end.

Password rule:

By default, a password must be 8 to 32 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards, and cannot be the same as the passwords used last five times. Each character must not occur more than three times consecutively in a password.
NOTE:
To set the minimum length, maximum length, character type, the maximum number of times that a character can occur consecutively in a password, and the number of historical passwords, choose Settings > Permission Settings > Security Policies.

How to delete/deactivate:

This account is a default account and cannot be deleted.

Lock account policy:

The IP will be locked if entering the wrong password three times. After being locked for ten minutes, the IP will be unlocked automatically.

Manually unlocking the account is not available.

Cloud_upf Database Account gaussdba

Default password: gauss@1234

Description: man-machine account of the database. A database is used to store information about accounts and users of the object storage service.

Password change method:

  1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
  2. Run cli_start -u admin to log in to the CLI.
  3. Run change system gaussdb_password poe_gaussdba to enter a password as prompted.

Password rule:

A password must be 8 to 16 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards, and cannot be the same as the used password during the last 60 days.

How to delete/deactivate:

This account is a default account and cannot be deleted.

Lock account policy:

Locking the account is not available.

Cloud_mdc Database Account gaussdba

Default password: gauss@1234

Description: man-machine account of the database. A database is used to store information about accounts and users of the object storage service.

Password change method:

  1. Use SSH to log in remotely to the management storage node (marked with OceanStor 9000 management IP address) as user omuser.
  2. Run cli_start -u admin to log in to the CLI.
  3. Run change system gaussdb_password mdc_gaussdba to enter a password as prompted.

Password rule:

A password must be 8 to 16 characters in length and contains special characters and at least two types of lowercase letters, uppercase letters, and digits. It cannot be the same as the user name or the user name typed backwards, and cannot be the same as the used password during the last 60 days.

How to delete/deactivate:

This account is a default account and cannot be deleted.

Lock account policy:

Locking the account is not available.

Translation
Download
Updated: 2019-04-28

Document ID: EDOC1000122530

Views: 12661

Downloads: 40

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next