security login show

Show user login methods

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security login show command displays the following information about user login methods:

User name
Application (console, http, ontapi, rsh, snmp, service-processor, ssh, or telnet)
Authentication method (community, password, publickey, or usm)
Role name
Whether the account is locked
Whether the user name refers to nsswitch group
Password hash function

Parameters

{ [-fields <fieldname>, ...]

If you specify the -fields <fieldname>, ... parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-instance ]}

If you specify the -instance parameter, the command displays detailed information about all fields.

[-vserver <Vserver Name>] - Vserver

Displays the login methods that match the specified Vserver name.

[-user-or-group-name <text>] - User Name or Group Name

Displays the login methods that match this parameter value. Value can be a user name or Active Directory, LDAP, or NIS group name.

[-application <text>] - Application

Displays the login methods that match the specified application type. Possible values include console, http, ontapi, rsh, snmp, service-processor, ssh, and telnet.

[-authentication-method <text>] - Authentication Method

Displays the login methods that match the specified authentication method. Possible values include the following:

cert - SSL certificate authentication
community - SNMP community strings
domain - Active Directory authentication
nsswitch - LDAP or NIS authentication
password - Password
publickey - Public-key authentication
usm - SNMP user security model

[-role <text>] - Role Name

Displays the login methods that match the specified role.

[-is-account-locked {yes|no}] - Account Locked

Displays the login methods that match the specified account lock status.

[-comment <text>] - Comment Text

Displays the login methods that match the specified comment text.

[-is-ns-switch-group {yes|no}] - Whether Ns-switch Group

This specifies whether user-or-group-name is an LDAP or NIS group. Possible values are yes or no.

[-hash-function {sha512|sha256}] - Password Hash Function (privilege: advanced)

Displays the login methods that match the specified password-hashing algorithm. Possible values are:

sha512 - Secure hash algorithm (512 bits)
sha256 - Secure hash algorithm (256 bits)
md5 - Message digest algorithm (128 bits)

Examples

The example below illustrates how to display information about all user login methods:

cluster1::> security login show

Vserver: cluster1
                            Authentication              Acct   Is-Nsswitch
User/Group Name Application Method         Role Name    Locked Group
--------------- ----------- -------------- ------------ ------ -----------
admin           console     password       admin        no     no
admin           http        password       admin        no     no
admin           ontapi      password       admin        no     no
admin           service-processor
                            password       admin        no     no
admin           ssh         password       admin        no     no
autosupport     console     password       autosupport  no     no

Vserver: vs1.netapp.com
                            Authentication              Acct   Is-Nsswitch
User/Group Name Application Method         Role Name    Locked Group
--------------- ----------- -------------- ------------ ------ -----------
vsadmin         http        password       vsadmin      yes    no
vsadmin         ontapi      password       vsadmin      yes    no
vsadmin         ssh         password       vsadmin      yes    no
9 entries were displayed.