Unsolved
This post is more than 5 years old
5 Posts
0
4985
August 8th, 2013 05:00
VMAX users
Hi all,
I was wondering if ther is the way to set an exipration password time for the VMAX users.
If I'm going to run a symcli command:"symauth -sid xxx list -user", it shows me users but without any notification on the expiration pwd period.
Is there a way to set i up and show this kind of information?
Thanks to all,
Francesco.
No Events found!
Fenglin1
6 Operator
•
2.1K Posts
0
August 8th, 2013 22:00
What's kind of authentication you use? If you use Windows AD, it should be integrated with domain policy. If you use local authentication ,I believe it shouldn't be possible.
Fenglin1
6 Operator
•
2.1K Posts
0
August 8th, 2013 22:00
BTW, your question written to the users' own "Discussions" space don't get the same amount of attention and questions can go unanswered for a long time, You can select "Move" under ACTIONS along the upper-right. Then search for and select: "Symmetrix Support Forum" which would be the most relevant for this question.
francesco76
5 Posts
0
August 9th, 2013 01:00
Thanks Fenglin.
I moved my question under Symmetrix forum.
Anyway, I meant VMAX users which are allowed to perform symmetrix administration and management through SYMCLI.
francesco76
5 Posts
0
August 9th, 2013 02:00
Hi Paul,
thanks for your reply. I was reading that document (Sym Security guide) already and I was aware of the roles you wrote.
What I would like to understand is if there is a way to set an expiration password time on a defined user. I'm trying to explain that with an example. Let’s assume I create a user in a StorageAdmin role with pwd .
Is this pwd always valid? Is there a time when symmetrix will ask to change it as it is expired? Is there a way to fix a time after password will expire?
Hope to have been clearer now.
Thanks in advance,
Francesco.
rawstorage
4 Apprentice
•
423 Posts
0
August 9th, 2013 02:00
The following roles can be defined with the permissions as follows, Full details are in the Symetrix Secruity Guide, best thing to do is look for the Solutions Enabler Documentation Set- This contains all the guides in a single doc set.
Monitor - Performs read-only (passive) operations on a Symmetrix system excluding
the ability to read the audit log or access control definitions.
StorageAdmin - Performs all management (active or control) operations on a
Symmetrix system in addition to all Monitor operations. This role does not allow users
to perform security operations.
Administrator - Performs all operations on a Symmetrix system, including security
operations in addition to all StorageAdmin and Monitor operations.
SecurityAdmin - Performs security operations on a Symmetrix system in addition to all
Monitor operations.
Auditor - Grants the ability to view, but not modify, security settings for a Symmetrix
system (including reading the audit log, symacl list, and symauth) in addition to all
Monitor operations. This is the minimum role required to view the Symmetrix audit
log.
Perf Monitor - Performs the same operations as a as a monitor, with the addition of being
able to set performance alerts and thresholds.
Initial Setup User - Defined during installation, this temporary role provides
administrator-like permissions for the purpose of adding local users and roles to
Unisphere. For more information on the Initial Setup User, see the online help
Hope this helps!
Roshan_Raju
53 Posts
1
August 9th, 2013 03:00
Hello Francesco,
I don't think we have something like what you are looking for in UNIVMAX for the local users. But as Fenglin Li pointed out, you can couple the AD authentication into UNIVMAX and hence set policy for the users to expire password on the AD level. But for local users, nothing in UNIVMAX as of now.
Hope it helps.
Regards,
Roshan Raju.