Select MM Control → Login Profiles to manage user names and permissions.
The following illustration shows login profiles settings for an advanced management module.
Up to 12 login profiles can be set up for the management module. Select Login Profiles to view information about each login profile. All management-module types display the login ID and role or access level that is assigned to each user: supervisor (S), operator (O), or custom (C).
For advanced management modules, the following information is also shown:
Click a login ID to configure settings that are specific to a login profile. You also can configure settings that apply to all of the login profiles. For an advanced management module, these settings are configured in the Account Security Management area. Click the login ID of an unused profile to set up a profile for a new user.
For each user profile, specify the following values:
Defines the command areas that a user can access, according to the user's access scope. Roles or authority levels might vary according to the type of BladeCenter unit that you are using and the management-module firmware version that is installed.
Defines where the role or user authority that is defined for a user is valid.
The following illustrations show the user profile settings.
Click Configure SNMPv3 User to perform additional user configuration that is required for SNMPv3 (see Configuring SNMP for instructions).
If automatic refresh for Web display settings is enabled for a user profile, all advanced management module user interface web pages that have auto-refresh capability will be automatically refreshed during web sessions for the user. If automatic refresh is disabled, there will be no automatic refresh for web sessions of this user.
The SSH Public Key Authentication section of the Login Profile page provides for adding, removing, viewing, or modifying the user's SSH public keys. As the Login Profile page is opened on the advanced management module, a summary of key information is displayed for the first key, if any, that is installed for the login profile. If more than one key is installed for the login profile, select the key that you want to view, modify, or remove from the list.
If no keys have been installed for this Login Profile, the only available push button is Add New Key.
Use the next page to import a public key, or paste the key data and install one.
The advanced management module accepts SSH public keys that are formatted as OpenSSH-formatted public keys. Keys that are generated by the OpenSSH ssh-keygen program are acceptable. The length of the key can be up to 4096 bits. Key types ssh-rsa and ssh-dss are accepted. Normally, the key does not contain carriage return or line-feed characters, but these are acceptable when key data is pasted into the Key Data field. RFC4716-formatted keys cannot be imported through the web interface. Use the CLI to import RFC4716-formatted keys. The accepted key format contains up to four fields, as follows:
<Accepted From specification> <key type> <key data> <comment>
The <Accepted From specification> and <comment> parameters are optional. You can use a space character or tab character to separate the fields.
If the user has a public key, click View/Modify to view or export the selected key. You can also use this page to modify the Accepted From specification and Comment for the selected key.
The fields on this page have the following functions:
You can update the Accepted From specification on this page by typing the new specification in the field and clicking Save. The format of the Accepted From specification is
from=pattern-list
where pattern-list is a comma-separated list of host names and IP addresses.
Each host name or IP address can contain wildcard characters * (asterisk) or ? (question mark), where the asterisk matches any string of characters and the question mark matches any single character. If a host name or IP address is preceded by ! (exclamation point), the key will not be accepted from a host that matches the host name or IP address. DNS must be enabled on the management module if host names are used in the Accepted From specification.
The purpose of the Accepted From specification is to optionally increase security: public key authentication by itself does not trust the network, name servers, or anything other than the key. However, if an intruder somehow steals the private key that is associated with an installed public key, the key enables the intruder to log in from anywhere in the world. This additional option makes using a stolen key more difficult, because in addition to the key, the name servers, routers, or both would also need to be compromised.
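The key line format and the Accepted From matching rules described above can be checked offline before a key is installed. The following is an added example, not management-module code: the function names are hypothetical, the sample key is a constructed placeholder, and it assumes OpenSSH pattern-list semantics (a host must match at least one non-negated pattern, and the pattern list may be enclosed in double quotes).

```python
import base64
import re

ACCEPTED_TYPES = {"ssh-rsa", "ssh-dss"}  # key types the page lists as accepted

def parse_key_line(text):
    """Split '[from=pattern-list] <type> <data> [comment]'; pasted CR/LF is dropped."""
    fields = re.split(r"[ \t]+", text.replace("\r", "").replace("\n", "").strip())
    accepted_from = None
    if fields[0].startswith("from="):
        accepted_from = fields.pop(0)[len("from="):].strip('"')
    if len(fields) < 2 or fields[0] not in ACCEPTED_TYPES:
        raise ValueError("expected ssh-rsa or ssh-dss followed by key data")
    key_type, key_data = fields[0], fields[1]
    blob = base64.b64decode(key_data, validate=True)
    # An OpenSSH key blob starts with a length-prefixed copy of the key type.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key data does not match the declared key type")
    return {"from": accepted_from, "type": key_type,
            "data": key_data, "comment": " ".join(fields[2:])}

def _glob(pattern, host):
    """Match with only the two wildcards the page names: * and ?."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host, re.IGNORECASE) is not None

def host_allowed(pattern_list, candidates):
    """candidates: the client's IP address plus its host name, if resolved."""
    if not pattern_list:
        return True  # no Accepted From specification: key is valid from any host
    allowed = False
    for entry in pattern_list.split(","):
        negated = entry.startswith("!")
        if any(_glob(entry[1:] if negated else entry, c) for c in candidates):
            if negated:
                return False  # a matching !pattern rejects the host outright
            allowed = True
    return allowed

# Constructed sample: placeholder blob with a valid type header, not a usable key.
_BLOB = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + bytes(16)).decode()
SAMPLE = ('from="192.0.2.*,!192.0.2.66,*.admin.example.com"\tssh-rsa '
          + _BLOB[:20] + "\r\n" + _BLOB[20:] + " ops laptop")

if __name__ == "__main__":
    key = parse_key_line(SAMPLE)
    for client in (["192.0.2.10"], ["192.0.2.66"], ["198.51.100.7"]):
        print(client, host_allowed(key["from"], client))
```

Because a negated entry rejects on match regardless of its position in the list, a broad positive pattern such as 192.0.2.* can be combined with specific exclusions.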
The following illustration shows user profile settings for older versions of management-module firmware.
Several user roles (authority levels) are available, and each one gives a user write and execute access to different areas of management-module and BladeCenter component functions. Users with operator authority have read-only authority and can access management-module functions for viewing only. Multiple roles can be assigned to each user through the Custom role, and users with the Supervisor role have write and execute access to all functions within their assigned access scopes.
The following illustration shows the Account Security Management area for the advanced management module.
You can modify the following settings:
The following illustration shows the Custom Security Settings for the advanced management module.
Click View Configuration Summary to display the configuration settings for all BladeCenter® users and components.