HP Fabric Clustering System HP-UX Administrator's Guide, March 2008
username
Synopsis: The username command is used to create and manage administrative access to
both CLI, GUI, and SNMP (Element Manager GUI is not supported in initial release of HP
InfiniBand).
Syntax: username user password passwd <-- must be executed 1st
username user no
username user disable
username user enable
username user community-string string
username user no-community-string
username user privilege priv1 [priv2] [priv3]
user and passwd are alphanumeric strings up to 34 characters each.
The privilege argument removes all existing privileges, and replaces them with them with the
new ones.
Command Modes: Global-configuration mode.
Privilege Level: Unrestricted read-write user or general read-write user (change own password
only).
Usage Guidelines: The username command is used to:
Create and remove user accounts. The default CLI user accounts are guest, admin, and super.
Change user password. A user with read-write access may change their own password.
Assign access levels based upon functional areas, such as Fibre Channel, Ethernet, and InfiniBand
administrative areas. Access levels may be unrestricted or read-only or read-write for the various
administrative areas. Unrestricted is the equivalent to the superuser.
Enable or disable the account.
Associate user accounts with SNMP community strings. This community string is also used as
the password for Element Manager access (Element Manager GUI is not supported in initial
release of HP InfiniBand).
The user account must be created using the password argument before any other user
configuration is allowed.
The default unrestricted username for the CLI is super and the default password is super. SNMP
community strings provide the user credentials necessary to access Management Information
Base (MIB) objects. The default community-string assigned to the unrestricted user for the Element
Manager is secret (Element Manager GUI is not supported in initial release of HP InfiniBand).
One unique community string is associated with each username and password. Community
strings can be associated with a variety of privilege levels. The user must have an SNMP
community string to begin an Element Manager session. If you do not want users to have SNMP
access to the system, do not assign them a community string. By default, a new user account has
a null or empty community string. Only the unrestricted user may view community strings
(Element Manager GUI is not supported in initial release of HP InfiniBand).
Also, SNMP community strings are sent across the network in UDP packets. There is no
encryption.
By default, new user accounts have read-only access. You may grant write privileges to a user
for functional areas, such as InfiniBand. The privileges are:
• ib-ro (InfiniBand read-only access)
• ib-rw (InfiniBand read-write)
• unrestricted-rw (Read-write access to all network configuration commands).
Privileges are order-dependent. You must enter multiple access privileges in the order shown
in the list above. When changing the privileges of an existing user, specify all the privileges
allowed to the user (including re-entering existing privileges), because the privilege argument
removes all existing privileges and replaces them with them with the new ones.
Administrative Commands 213