Filter
Top Products
220 Managing system users and groups
>> Groups# /cfg/sys/user
>> User# edit cert_admin
>> User cert_admin# password
Enter admin’s current password: ( admin user password)
Enter new password for cert_admin: ( cert_admin user
password)
Re-enter to confirm: (reconfirm cert_admin user password)
7 Apply the changes.
>> User cert_admin# apply
Changes applied successfully.
8 Let the Certificate Administrator user define an export
passphrase.
This step is only necessary if you want to fully separate the
Certificate Administrator user role from the Administrator user
role. If the admin user is removed from the certadmin group
(as in Step 9), a Certificate Administrator export passphrase
(caphrase) must be defined.
As long as the admin user is a member of the certadmin
group (the default configuration), the admin user is prompted
for an export passphrase each time a configuration backup
that contains private keys is sent to a TFTP/FTP/SCP/SFTP
server (command:
/cfg/ptcfg). When the admin user is
not a member of the certadmin group, the export passphrase
defined by the Certificate Administrator is used instead to
encrypt private keys in the configuration backup. The encryption
of private keys using the export passphrase defined by the
Certificate Administrator is performed transparently to the user,
without prompting. When the configuration backup is restored,
the Certificate Administrator must enter the correct export
passphrase.
ATTENTION
If the export passphrase defined by the Certificate Administrator is
lost, configuration backups made by the admin user while he or she
was not a member of the certadmin group cannot be restored.
The export passphrase defined by the Certificate
Administrator remains the same until changed by using
the /cfg/sys/user/caphrase command. For users who are
not members of the certadmin group, the caphrase command
in the User menu is hidden. Only users who are members of the
certadmin group should know the export passphrase. The export
passphrase can contain spaces and is case sensitive.
>> User cert_admin# ../caphrase
Enter new passphrase:
Re-enter to confirm:
Passphrase changed.
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks
.