Skip to main content

security login show

Contributors
Suggest changes
PDFs

Show user login methods

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security login show command displays the following information about user login methods:

  • User name

  • Application (amqp, console, http, ontapi, rsh, snmp, service-processor, ssh, or telnet)

  • Authentication method (community, password, publickey, or usm)

  • Role name

  • Whether the account is locked

  • Whether the user name refers to nsswitch group

  • Password hash function

  • LDAP fastbind authentication

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-vserver <vserver name>] - Vserver

Displays the login methods that match the specified Vserver name.

[-user-or-group-name <text>] - User Name or Group Name

Displays the login methods that match this parameter value. Value can be a user name or Active Directory, LDAP, or NIS group name.

[-application <text>] - Application

Displays the login methods that match the specified application type. Possible values include amqp, console, http, ontapi, rsh, snmp, service-processor, ssh, and telnet.

[-authentication-method <text>] - Authentication Method

Displays the login methods that match the specified authentication method. Possible values include the following:

  • cert - SSL certificate authentication

  • community - SNMP community strings

  • domain - Active Directory authentication

  • nsswitch - LDAP or NIS authentication

  • password - Password

  • publickey - Public-key authentication

  • usm - SNMP user security model

  • saml - SAML authentication

[-remote-switch-ipaddress <IP Address>] - Remote Switch IP Address

Displays the login methods that match the specified IP address of the remote switch. The remote switch could be a cluster switch monitored by cluster switch health monitor (CSHM) or a Fibre Channel (FC) switch monitored by MetroCluster health monitor (MCC-HM). This parameter is applicable only when the application is snmp and authentication method is usm (SNMP user security model).

[-role <text>] - Role Name

Displays the login methods that match the specified role.

[-is-account-locked {yes|no}] - Account Locked

Displays the login methods that match the specified account lock status.

[-comment <text>] - Comment Text

Displays the login methods that match the specified comment text.

[-is-ns-switch-group {yes|no}] - Whether Ns-switch Group

This specifies whether user-or-group-name is an LDAP or NIS group. Possible values are yes or no.

[-hash-function {sha512|sha256}] - Password Hash Function (privilege: advanced)

Displays the login methods that match the specified password-hashing algorithm. Possible values are:

  • sha512 - Secure hash algorithm (512 bits)

  • sha256 - Secure hash algorithm (256 bits)

  • md5 - Message digest algorithm (128 bits)

[-second-authentication-method {none|publickey|password|nsswitch|domain|totp}] - Second Authentication Method

Displays the login methods that match the specified authentication method to be used as the second factor. Presently, ssh , http and service-processor are the only applications supporting a second factor of authentication. For ssh application, possible values include the following:

  • password - Password

  • publickey - Public-key authentication

  • nsswitch - NIS or LDAP authentication

  • domain - Active Directory authentication

  • totp - TOTP authentication

  • none - default value

For the http and service-processor applications, possible values include the following:

  • publickey - Public-key authentication

  • none - default value

.

[-is-ldap-fastbind {yes|no}] - LDAP Fastbind Authentication

Displays the authentication methods that are LDAP fastbind.

Examples

The example below illustrates how to display information about all user login methods:

cluster1::> security login show

Vserver: cluster1
                                                                 Second
User/Group                 Authentication                 Acct   Authentication
Name           Application Method        Role Name        Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
admin          amqp        password      admin            no     none
admin          console     password      admin            no     none
admin          http        password      admin            no     none
admin          ontapi      password      admin            no     none
admin          service-processor
                           password      admin            no     none
admin          ssh         password      admin            no     none
autosupport    console     password      autosupport      no     none
user1          ssh         publickey     admin            -      none
user2          ssh         password      admin            no     publickey
spuser         service-processor
                           password      admin            no     publickey

Vserver: vs1.netapp.com
                                                                 Second
User/Group                 Authentication                 Acct   Authentication
Name           Application Method        Role Name        Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
vsadmin        http        password      vsadmin          yes    none
vsadmin        ontapi      password      vsadmin          yes    none
vsadmin        ssh         password      vsadmin          yes    none
12 entries were displayed.