security login modify

Modify a login method

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security login modify command modifies the access-control role name of a login method. If the user is a member of multiple groups provisioned in the security login table, then the user will get access to a combined list of the commands authorized for the individual groups.

Parameters

-vserver <Vserver Name> - Vserver
This specifies the Vserver name of the login method.
-user-or-group-name <text> - User Name or Group Name
This specifies the user name, Active Directory, LDAP, or NIS group name of the login method that is to be modified. A user name can be associated with multiple applications. If the user is a member of multiple groups provisioned in the security login table, then the user will get access to a combined list of the commands authorized for the individual groups.
-application <text> - Application
This specifies the application of the login method. Possible values include console, http, ontapi, rsh, snmp, service-processor, ssh, and telnet.
-authentication-method <text> - Authentication Method
This specifies the authentication method of the login method. Possible values include the following:
  • cert - SSL certificate authentication
  • community - SNMP community strings
  • domain - Active Directory authentication
  • nsswitch - LDAP or NIS authentication
  • password - Password
  • publickey - Public-key authentication
  • usm - SNMP user security model
[-role <text>] - Role Name
This modifies the access-control role name for the login method.
[-comment <text>] - Comment Text
This specifies comment text for the user account, for example, "Guest account". The maximum length is 128 characters.
[-is-ns-switch-group {yes|no}] - Whether Ns-switch Group
This specifies if user-or-group-name is an LDAP or NIS group. Possible values are yes or no. Default value is no.

Examples

The following example illustrates how to modify a login method that has the user name guest, the application ontapi, and the authentication method password to use the access-control role guest for Vserver vs:

cluster1::> security login modify -user-or-group-name guest -application ontapi -authentication-method password -role guest -vserver vs

The following example illustrates how to modify a login method that has the user name guest, the application ssh, and the authentication method publickey to use the access-control role vsadmin for Vserver vs:

cluster1::> security login modify -user-or-group-name guest -application ssh -authentication-method publickey -role vsadmin -vserver vs

The following example illustrates how to modify a login method that has the group name nssgroup, the application ontapi, and the authentication method nsswitch to use the access-control role readonly for Vserver vs. Here is-ns-switch-group must be set to yes:

cluster1::> security login modify -user-or-group-name nssgroup -application ontapi -authentication-method nsswitch -role readonly -vserver vs -is-ns-switch-group yes