Thursday, October 25, 2007

Unlocking User Accounts via the CLI

As promised, a short article on unlocking user accounts via the CLI.

MARS 4.3.1 introduced the new AAA features.

For both Local and AAA authentication methods, if enabled, GUI access is locked for an account upon login failure, which occurs when a specified number of incorrect password entries are made for a single login name.

Now an important thing to note: the administrator's GUI access can be locked like any other account, BUT CLI access through the console or through SSH is never locked. (Good job, or you could be completely locked out of your MARS box!)

Now from the CLI we can unlock single accounts or all accounts at the same time. The switches on the unlock command are shown below...


An example of unlocking all accounts is shown at the top of the page, and an example of unlocking an individual account is shown below.

Now remember we can unlock individual user accounts in the CLI also, as long as the admin GUI account isn't locked.

Some other important notes regarding Global Controllers:

Unlocking is not replicated through Global Controller–Local Controller communications; it applies only to the local appliance. An account locked on a Global Controller does not replicate the locked status to global accounts on Local Controllers. A global account locked on two different appliances must be unlocked manually on each appliance.
