security login modify
- PDF of this doc site
Collection of separate PDF docs
Creating your file...
Modify a login method
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The security login modify
command modifies the access-control role name of a login method. If the user is a member of multiple groups provisioned in the security login table, then the user will get access to a combined list of the commands authorized for the individual groups.
Parameters
-vserver <Vserver Name>
- Vserver-
This specifies the Vserver name of the login method.
-user-or-group-name <text>
- User Name or Group Name-
This specifies the user name, Active Directory, LDAP, or NIS group name of the login method that is to be modified. A user name can be associated with multiple applications. If the user is a member of multiple groups provisioned in the security login table, then the user will get access to a combined list of the commands authorized for the individual groups.
-application <text>
- Application-
This specifies the application of the login method. Possible values include console, http, ontapi, rsh, snmp, service-processor, ssh, and telnet.
-authentication-method <text>
- Authentication Method-
This specifies the authentication method of the login method. Possible values include the following:
-
cert - SSL certificate authentication
-
community - SNMP community strings
-
domain - Active Directory authentication
-
nsswitch - LDAP or NIS authentication
-
password - Password
-
publickey - Public-key authentication
-
usm - SNMP user security model
-
saml - SAML authentication
-
[-remote-switch-ipaddress <IP Address>]
- Remote Switch IP Address-
This specifies the IP address of the remote switch. The remote switch could be a cluster switch monitored by cluster switch health monitor (CSHM) or a Fibre Channel (FC) switch monitored by MetroCluster health monitor (MCC-HM). This parameter is applicable only when the application is
snmp
and authentication method isusm
(SNMP user security model). [-role <text>]
- Role Name-
This modifies the access-control role name for the login method.
[-comment <text>]
- Comment Text-
This specifies comment text for the user account, for example, "Guest account". The maximum length is 128 characters.
[-is-ns-switch-group {yes|no}]
- Whether Ns-switch Group-
This specifies if
user-or-group-name
is an LDAP or NIS group. Possible values are yes or no. Default value is no. [-second-authentication-method {none|publickey|password}]
- Second Authentication Method2-
This specifies the authentication method for the login method. It will be used as the second factor for authentication. Possible values include the following:
-
password - Password
-
publickey - Public-key authentication
-
none - default value
-
Examples
The following example illustrates how to modify a login method that has the user name guest
, the application ontapi
, and the authentication method password
to use the access-control role guest
for Vserver vs
:
cluster1::> security login modify -user-or-group-name guest -application ontapi -authentication-method password -role guest -vserver vs
The following example illustrates how to modify a login method that has the user name guest
, the application ssh
, and the authentication method publickey
to use the access-control role vsadmin
for Vserver vs
:
cluster1::> security login modify -user-or-group-name guest -application ssh -authentication-method publickey -role vsadmin -vserver vs
The following example illustrates how to modify a login method that has the group name nssgroup
, the application ontapi
, and the authentication method nsswitch
to use the access-control role readonly
for Vserver vs
. Here is-ns-switch-group
must be set to yes
:
cluster1::> security login modify -user-or-group-name nssgroup -application ontapi -authentication-method nsswitch -role readonly -vserver vs -is-ns-switch-group yes
The following example illustrates how to modify a login method that has the user name guest
, the application ssh
, and the authentication method publickey
to use the second-authentication-method password
for Vserver vs
:
cluster1::> security login modify -user-or-group-name guest -application ssh -authentication-method publickey -second-authentication-method password -vserver vs
The following example illustrates how to modify a login method to have individual authentication methods that have the user name guest
, the application ssh
, and the authentication method publickey
to use the second-authentication-method none
for Vserver vs
:
cluster1::> security login modify -user-or-group-name guest -application ssh -authentication-method publickey -second-authentication-method none -vserver vs