Local Users

Atlas 900 Compute Node iBMC (V3.01.00.00 or Later) User Guide 09

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Local Users

Function Description

On the Local Users page, you can view and manage the users of the iBMC.

The iBMC supports a maximum of 16 users. You can add, modify, and delete users on the Local Users page.

GUI

Choose User & Security > Local Users.

The Local Users page is displayed, as shown in Figure 3-36.

Figure 3-36 Local Users page
Click to enlarge

Parameter Description

Table 3-40 Local Users

Parameter	Description
Add	Adds a local user.
User ID	Uniquely identifies a subscriber in the iBMC system.
User Name	User name for logging in to the iBMC.
Role	Role assigned to the user. The user role specifies the operations that can be performed by the user. Administrator: User who can perform all operations. The permissions of Administrator cannot be changed. Operator: User who can perform basic management, KVM management, VMM management, and power control, query information, and configure their own passwords. The permissions of Operator cannot be changed. Common User: User who can query information and configure their own passwords. The permissions of Common User cannot be changed. Custom Role 1 to 4: User who can perform the specified operations. No Access: Users assigned No Access role cannot perform any operation.
Login Interfaces	Interfaces through which the user can log in to the iBMC. Value: SNMP: The user can use an SNMP tool (such as MIB Browser) to log in to iBMC. SSH: The user can use an SSH tool (such as PuTTY) to log in to the iBMC CLI. IPMI: The user can use an IPMI tool (such as IPMItool) to log in to the iBMC CLI. Local: The user can use the serial port on the server to log in to the iBMC CLI. SFTP: The user can use an SFTP tool (such as Xftp) to log in to the iBMC file system. Web: The user can use a web browser to log in to the iBMC WebUI. Redfish: The user can use a Redfish tool to log in to iBMC.
Operation	Click Edit to modify the local user. Click Disable to disable the user. Click Enable to enable the user. Click Delete to delete the user. NOTE: All local users, including the administrators, operators, common users, and custom users, can be deleted. If there is only one administrator in the system, the administrator cannot be disabled or deleted. If OS User Management is enabled on the Users & Security > Security Mgmt page, you can also add iBMC users by sending standard IPMI commands from the OS.
Validity Period (days)	Validity period of the user password.
Login Rules	Login rules that apply for the user.

Table 3-41 SSH Public Key

Parameter	Description
Upload	Imports a public key for an SSH user.
Public Key file	Import an SSH public key file from the local client.
Public Key text	Enter SSH public key information in the text box.
Enter the current user password	Password of the user for logging in to the iBMC.

Adding Users

You can add a maximum of 15 users for the iBMC.

Click Add.

The page for adding a user is displayed.

Table 3-42 Parameters for adding a user

Parameter	Description
New User ID	ID of the user to be added. Value range: 3 to 17
User Name	Name of the user to be added. Value: a string of 1 to 16 characters The user name must meet the following requirements: Allow letters, digits, and special characters (excluding :<>&,'"/\%). Cannot contain spaces or start with #, +, or -. Cannot be a period (.) or two periods (..).
Password	Password for logging in to the iBMC. For security purposes, enable password complexity check and periodically change your password. NOTE: Only the administrators can enable or disable the password complexity check. Disabling password complexity check may pose security risks. Enable this function if possible. Value: If password complexity check is disabled, the password can contain a maximum of 20 characters, including digits, letters, and special characters. If the password contains less than eight characters, the user cannot use the SNMPv3 interface. If password complexity check is enabled, the password must meet the following requirements: Contain 8 to 20 characters Contain at least a space or one of the following special characters: `~!@#$%^&()-_=+\\|[{}];:'",<.>/? Contain at least two types of the following characters: Uppercase letters A to Z Lowercase letters a to z Digits 0 to 9 Cannot be the same as the user name or the user name in reverse order. Have at least two new characters when compared with the previous password (not required from iBMC V3.01.12.01). If weak password check is enabled, the password cannot be the same as the passwords contained in the weak password dictionary. (You can run the ipmcset -t user -d weakpwddic -v export* command to export the weak passwords from the weak password dictionary.) NOTE: The default password Admin@9000 is in the weak password dictionary. For security purposes, do not use passwords consisting of only repeated strings, such as aa, abababab, or abcdabcd.
Confirm Password	Password for logging in to the iBMC. This value must be the same as Password.
Role	Role assigned to the user. The user role specifies the operations that can be performed by the user. Values: Administrator: User who can perform all operations. The permissions of Administrator cannot be changed. Operator: User who can perform basic management, KVM management, VMM management, and power control, query information, and configure their own passwords. The permissions of Operator cannot be changed. Common User: User who can query information and configure their own passwords. The permissions of Common User cannot be changed. Custom Role 1 to 4: User who can perform the specified operations. No Access: Users assigned No Access role cannot perform any operation. NOTE: The default role is No Access for new users.
Login Rules	Login rules that apply for the user.
Login Interfaces	Interfaces through which the user can log in to the iBMC. Values: SNMP: The user can use an SNMP tool (such as MIB Browser) to log in to iBMC. SSH: The user can use an SSH tool (such as PuTTY) to log in to the iBMC CLI. IPMI: The user can use an IPMI tool (such as IPMItool) to log in to the iBMC CLI. Local: The user can use the serial port on the server to log in to the iBMC CLI. SFTP: The user can use an SFTP tool (such as Xftp) to log in to the iBMC file system. Web: The user can use a web browser to log in to the iBMC WebUI. Redfish: The user can use a Redfish tool to log in to iBMC. NOTE: By default, all login interfaces are selected for a new user.
Current User Password	Password of the user for logging in to the iBMC.
Save	Saves the information.
Cancel	Exits the page for setting a local user without saving the settings.

Set user parameters. For details about the parameters, see Table 3-42.
- The user with ID 1 is a reserved user defined in the IPMI standard. This user is not allowed to log in to the iBMC.
- The user with ID 2 is the default user.

Click Save.
The information about the new user is displayed in the user list.

Modifying User Information

In the local user list, locate the user to be modified and click Edit.

The page for modifying user information is displayed.

Table 3-43 Parameters related to editing a user

Parameter	Description
User Name	Name of the user to be modified.
Password	New password of the user. If password complexity check is disabled, the password can contain a maximum of 20 characters, including digits, letters, and special characters. If the password contains less than eight characters, the user cannot use the SNMPv3 interface. If password complexity check is enabled, the password must meet the following requirements: Contain 8 to 20 characters Contain at least a space or one of the following special characters: `~!@#$%^&()-_=+\\|[{}];:'",<.>/? Contain at least two types of the following characters: Uppercase letters A to Z Lowercase letters a to z Digits 0 to 9 Cannot be the same as the user name or the user name in reverse order. Have at least two new characters when compared with the previous password (not required from iBMC V3.01.12.01). If weak password check is enabled, the password cannot be the same as the passwords contained in the weak password dictionary. (You can run the ipmcset -t user -d weakpwddic -v export* command to export the weak passwords from the weak password dictionary.) NOTE: The default password Admin@9000 is in the weak password dictionary. For security purposes, do not use passwords consisting of only repeated strings, such as aa, abababab, or abcdabcd.
Confirm Password	New password reentered for confirmation. It must be the same as Password.
Role	Role assigned to the user. The user role specifies the operations that can be performed by the user. Values: Administrator: User who can perform all operations. The permissions of Administrator cannot be changed. Operator: User who can perform basic management, KVM management, VMM management, and power control, query information, and configure their own passwords. The permissions of Operator cannot be changed. Common User: User who can query information and configure their own passwords. The permissions of Common User cannot be changed. Custom Role 1 to 4: User who can perform the specified operations. No Access: Users assigned No Access role cannot perform any operation.
Login Rules	Login rules that apply for the user.
Login Interfaces	Interfaces through which the user can log in to the iBMC. Values: SNMP: The user can use an SNMP tool (such as MIB Browser) to log in to iBMC. SSH: The user can use an SSH tool (such as PuTTY) to log in to the iBMC CLI. IPMI: The user can use an IPMI tool (such as IPMItool) to log in to the iBMC CLI. Local: The user can use the serial port on the server to log in to the iBMC CLI. SFTP: The user can use an SFTP tool (such as Xftp) to log in to the iBMC file system. Web: The user can use a web browser to log in to the iBMC WebUI. Redfish: The user can use a Redfish tool to log in to iBMC. NOTE: After the IPMI login interface is enabled for a user, the user login password must be reset. After the SNMP authentication algorithm is changed for a user, the login password and SNMPv3 encryption password of the user must be reset.
SNMPv3 Encryption Password	An encryption password can be set for a user who uses SNMP for communication to ensure communication security. The encryption password must comply with the password rules for local users. Default value: same as the user login password. NOTE: If you do not set this parameter, the SNMPv3 encryption password will be synchronized with the user login password. You are advised to set the SNMPv3 encryption password for security purposes. If you set an SNMPv3 encryption password, this password will not be synchronized with the user login password. For security purposes, do not use passwords consisting of only repeated strings, such as aa, abababab, or abcdabcd.
Confirm Password	SNMPv3 encryption password re-entered for confirmation.
Authentication Algorithm	SNMPv3 authentication algorithm. Value: MD5 SHA SHA256 SHA384 SHA512 Default value: SHA256 NOTE: This setting applies only to SNMPv3 and SNMPv3 Trap. MD5 and SHA may pose security risks. SHA256, SHA384, or SHA512 is recommended. SHA1 is deprecated and cannot be used. It is equivalent to SHA. When the server is managed by an NMS, the authentication algorithm type must be the same as that used on the NMS.
Encryption Algorithm	SNMPv3 encryption algorithm. Value: DES AES AES256 Default value: AES NOTE: Using DES may pose security risks. AES or AES256 is recommended. The encryption algorithm AES256 must be used with the authentication algorithm SHA256, SHA384, or SHA512.
Current User Password	Password of the user for logging in to the iBMC.
Save	Saves the information. NOTE: Changing the user name, password, or user role will forcibly log out the user.
Cancel	Exits the page for setting a local user without saving the settings.

Enter the current password of the user, and modify the user information.
For details about the parameters, see Table 3-43.
Click Save.
The user information is modified successfully.

Deleting a User

In the local user list, locate the user to be deleted and click Delete.
A confirmation dialog box is displayed, prompting you to enter the current user password.
Enter the current user password and click Yes.
The user is deleted from the user list.

Importing an SSH Public Key

After a private key is generated on a client, import the corresponding public key into the iBMC to ensure secure access of SSH users to the iBMC.
Each user can import only one public key. To change the public key, delete the existing public key and then import a new one.
Public keys can be in the RFC 4716 or OpenSSH format. The public key type is RSA or DSA. An RSA key contains 2048 or 4096 bits, and a DSA key contains 2048 bits.

Locate the user for which the SSH public key is to be imported, and click to the left of the user name.
Click Upload next to SSH Public Key.
The dialog box shown in Figure 3-37 is displayed.
Figure 3-37 Upload SSH public key
Select the import mode.
Select Public key file or Public key text.
Click to select the public key.
Enter current user password.
Click OK.

Function Description
GUI
Parameter Description
Adding Users
Modifying User Information
Deleting a User
Importing an SSH Public Key

Translation

简体中文

Download

Updated: 2023-08-04

Document ID: EDOC1100152759

Downloads: 100

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate