security login show

Show user login methods

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security login show command displays the following information about user login methods:

Parameters

{ [-fields <fieldname>, ...]
If you specify the -fields <fieldname>, ... parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.
| [-instance ]}
If you specify the -instance parameter, the command displays detailed information about all fields.
[-vserver <Vserver Name>] - Vserver
Displays the login methods that match the specified Vserver name.
[-user-or-group-name <text>] - User Name or Group Name
Displays the login methods that match this parameter value. Value can be a user name or Active Directory, LDAP, or NIS group name.
[-application <text>] - Application
Displays the login methods that match the specified application type. Possible values include console, http, ontapi, rsh, snmp, service-processor, ssh, and telnet.
[-authentication-method <text>] - Authentication Method
Displays the login methods that match the specified authentication method. Possible values include the following:
  • cert - SSL certificate authentication
  • community - SNMP community strings
  • domain - Active Directory authentication
  • nsswitch - LDAP or NIS authentication
  • password - Password
  • publickey - Public-key authentication
  • usm - SNMP user security model
  • saml - SAML authentication
[-remote-switch-ipaddress <IP Address>] - Remote Switch IP Address
Displays the login methods that match the specified IP address of the remote switch. The remote switch could be a cluster switch monitored by cluster switch health monitor (CSHM) or a Fibre Channel (FC) switch monitored by MetroCluster health monitor (MCC-HM). This parameter is applicable only when the application is snmp and authentication method is usm (SNMP user security model).
[-role <text>] - Role Name
Displays the login methods that match the specified role.
[-is-account-locked {yes|no}] - Account Locked
Displays the login methods that match the specified account lock status.
[-comment <text>] - Comment Text
Displays the login methods that match the specified comment text.
[-is-ns-switch-group {yes|no}] - Whether Ns-switch Group
This specifies whether user-or-group-name is an LDAP or NIS group. Possible values are yes or no.
[-hash-function {sha512|sha256}] - Password Hash Function (privilege: advanced)
Displays the login methods that match the specified password-hashing algorithm. Possible values are:
  • sha512 - Secure hash algorithm (512 bits)
  • sha256 - Secure hash algorithm (256 bits)
  • md5 - Message digest algorithm (128 bits)
[-second-authentication-method {none|publickey|password|nsswitch}] - Second Authentication Method2
Displays the login methods that match the specified authentication method to be used as the second factor. Possible values include the following:
  • password - Password
  • publickey - Public-key authentication
  • nsswitch - NIS or LDAP authentication
  • none - default value

Examples

The example below illustrates how to display information about all user login methods:
cluster1::> security login show

Vserver: cluster1
                                                                 Second
User/Group                 Authentication                 Acct   Authentication
Name           Application Method        Role Name        Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
admin          console     password      admin            no     none
admin          http        password      admin            no     none
admin          ontapi      password      admin            no     none
admin          service-processor
                           password      admin            no     none
admin          ssh         password      admin            no     none
autosupport    console     password      autosupport      no     none

Vserver: vs1.netapp.com
                                                                 Second
User/Group                 Authentication                 Acct   Authentication
Name           Application Method        Role Name        Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
vsadmin        http        password      vsadmin          yes    none
vsadmin        ontapi      password      vsadmin          yes    none
vsadmin        ssh         password      vsadmin          yes    none
9 entries were displayed.