Super password & only super | GPON Solution


The super password command configures the password required to switch from a lower user level to a higher user level. Before you run the super command to switch to a higher user level, run this command to configure the password for that level.

The undo super password command is used to recover the default user level. After this command is successfully executed for a user, the user level cannot be switched to a higher user level.

Format:

super password level user-level { simple simple | cipher cipher }[ read | write ]

undo super password level user-level [ read | write ]

level user-level: Specifies the target user level after user switching. Only the super user and the admin user have the right to run this command.

Numeral type. Range:

  • Super user: 0-2
  • Admin user: 0-1

NOTE:

  • 0: common user level
  • 1: operator level
  • 2: administrator level (The value is available for super user only.)

 

simple: Configures the plain text password. The password is saved in the configuration file in encryption format. The encrypted password cannot be viewed, ensuring high security.

cipher: Configures the encrypted password. The password is saved in the configuration file in encryption format. The encrypted password cannot be viewed, ensuring high security.

NOTE:

The simple and cipher parameters have the same function; both are kept for compatibility with historical versions.

simple / cipher: The password for the target user level after user switching.

Character string type.

  • The password must contain at least x characters. The maximum value is 15 characters and the default value is 6 characters. You can run the system user password security-length command to change the value of “x”.
  • If you select simple, the password must be plaintext with a length of x-15 characters. It must contain at least one digit and one letter, and no question mark (?).
  • If you select cipher, the password can be a ciphertext of 24-58 characters. The password is generated in the system and saved in the configuration file. For example, the password can be *.”S7-EY’OZ’=Y;ES7>GS+\/P>I8:021_”<^6,6DE.7.”3(Q$7XD:28Q3*. The password can also be plaintext with a length of x-15 characters. When the password is plaintext, it must contain at least one digit and one letter but cannot contain any question mark (?), for example, pass123.
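The rules above can be checked before a command line is pushed to a device. The following is an added example, not code from the original page or from the vendor; the function name, the role labels "super" and "admin", and the treatment of the password as a single token without spaces are assumptions.

```python
import re

# Command form taken from the "Format" line on this page.
# Assumption: the password is one whitespace-free token.
CMD = re.compile(
    r"^super password level (?P<level>\d+) (?P<mode>simple|cipher) "
    r"(?P<pw>\S+)(?: (?P<perm>read|write))?$"
)
# Highest target level each role may configure (super: 0-2, admin: 0-1).
MAX_LEVEL = {"super": 2, "admin": 1}


def check_super_password(line, role="super", min_len=6):
    """Return a list of rule violations; an empty list means the line passes.

    min_len is the page's "x" (default 6, changeable on the device).
    """
    m = CMD.match(line.strip())
    if not m:
        return ["not in 'super password level N {simple|cipher} PW [read|write]' form"]
    problems = []
    level, mode, pw = int(m["level"]), m["mode"], m["pw"]
    if level > MAX_LEVEL[role]:
        problems.append(f"level {level} is outside 0-{MAX_LEVEL[role]} for the {role} user")
    # In cipher mode a 24-58 character value is taken as system-generated
    # ciphertext, so the plaintext composition rules are not applied to it.
    if mode == "cipher" and 24 <= len(pw) <= 58:
        return problems
    if not min_len <= len(pw) <= 15:
        problems.append(f"plaintext length {len(pw)} is outside {min_len}-15")
    if not re.search(r"\d", pw):
        problems.append("no digit")
    if not re.search(r"[A-Za-z]", pw):
        problems.append("no letter")
    if "?" in pw:
        problems.append("contains a question mark")
    return problems
```
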

read: Specifies the target user level after user switching to read. A user that has the read permission can run only query commands. To control the permission of maintenance personnel, use this parameter. After the setting, configuration changes due to misoperations performed by maintenance personnel can be prevented and therefore service interruption is prevented.

write: Specifies the target user level after user switching to write. A user that has the write permission can run commands that have the same or lower level than the target level.

The super password command applies to Administrator level and Privilege mode.

Usage Guidelines:

  • Regardless of whether a plain text password or an encrypted password is configured, you must enter the password in plain text format in authentication for user level switching.
  • Regardless of whether a plain text password or an encrypted password is configured, the password will be saved in the configuration file and database in ciphertext format. You cannot obtain the password from the system. Therefore, keep the password properly for later use.
  • When you do not enter read or write, write (read and write permissions) is used by default.
  • A user has a level attribute and a read or write permission. The commands that a user can execute at a specified level are classified into two types. A user who has read permission at a given level can run only the commands in the query command set at that level and cannot run commands in the configuration command set. For details, see the following table.
    Superuser level, all commands
    Administrator level, query command set C1 | Administrator level, query command set C2
    Operation level, query command set B1 | Operation level, query command set B2
    Common level, command set A

    User levels in the preceding table are in ascending order.

    • Users who have the common level and read permission can run only the commands in command set A. The read and write permissions of a common level user are not distinguished.
    • Users who have the operation level and read permission can run commands in command sets A and B1.
    • Users who have the operation level and read and write permissions can run commands in command sets A, B1, and B2.
    • Users who have the management level and read permission can run commands in command sets A, B1, and C1.
    • Users who have the management level and read and write permissions can run commands in command sets A, B1, B2, C1, and C2.
    • The read and write permissions of a superuser are not distinguished, and a superuser can run all the commands in the system (the system supports only one superuser).

Super password Example:

Assume that the current user level is 2 and the plaintext password is pass123 configured in cipher mode. To configure the password for user level 1 to switch the common user level to an operator level and set the permission to write through password authentication, do as follows:

BD-Huawei#super password
{ level<K> }:level
{ level<U><0,2> }:1
{ cipher<K>|simple<K> }:simple
{ simple<S><Length 6-15> }:pass123
{ <cr>|read<K>|write<K> }:write
Command:
super password level 1 simple pass123 write

Assume that the current user level is 2 and the plaintext password is pass234 configured in cipher mode. To configure the password for user level 1 to switch the common user level to an operator level and set the permission to read through password authentication, do as follows:

BD-Huawei#super password
{ level<K> }:level
{ level<U><0,2> }:1
{ cipher<K>|simple<K> }:cipher
{ cipher<S><Length 6-15,24-58> }:pass234
{ <cr>|read<K>|write<K> }:read
  Command:
    super password level 1 cipher pass234 read

To cancel the password configured for switching to user level 1 with read permission, or to forbid switching from a lower user level to a higher user level, do as follows:

BD-Huawei#undo super
{ password<K> }:password
{ level<K> }:level
{ level<U><0,2> }:1
{ <cr>|read<K>|write<K> }:read
  Command:
    undo super password level 1 read

System Response:

  • The system does not display any message after the super password command is executed successfully.

super:

The super command is used to change (raise or lower) the user level and the read and write permissions of a user. The user level and the read and write permissions determine which commands a user is permitted to run.

NOTE:

The user level refers to the category of permissions for users. There are three permission levels, which map to the command levels: after users of different levels log in to the system, they can use commands with levels equal to or lower than their user levels.

Each user level has the read only or read and write permissions. After switching to read only permission, a user can only run query commands. After a user logs in to the system, the default permission is read and write.

Format:

super [ level ] [ read | write ]

Usage Guidelines:

  • When you do not specify the value of the parameter level, the default level is 2, that is, the administrator level.
  • When you do not enter read or write, the default permission write is used.
  • When this command is being executed, the system verifies the user password.
    • If the target user level after switching is higher than the current user level, you must enter the password for the target user level. If the password is configured and you enter it correctly, the switching is successful; if no password is configured for the higher user level, the system displays a message stating that access is rejected. In that case, use the super password command to configure the password for the higher user level.
    • If the command set of the target user level and attributes after switching is contained in the command set of the current user level and attributes (for details about the command set division, see “Usage Guidelines” in the super password command), you need not enter the password for the target user level and you can directly switch the user level. If the user level is raised again after being lowered, you need to enter the password of the higher user level.
  • If the password verification is successful, the dynamic switching of the user level is performed. Other terminals are not affected because only the current user level is switched.
  • If you log in to the system again after switching to a higher user level, you need to run this command again to switch to the target user level; that is, the switched-to user level is not retained after another login.
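The switching rules above, combined with the command sets A, B1, B2, C1 and C2 from the super password usage guidelines, can be modelled to see which privilege states a session can reach for a given set of configured passwords. This is an added example, not code from the original page or from the vendor. Two assumptions: passwords are tracked per (level, permission) pair, and any switch whose target command set is not contained in the current one is treated as needing a password (the page states this only for a higher target level).

```python
# Command sets per (level, permission), from the usage guidelines on this page.
SETS = {
    (0, "read"): {"A"}, (0, "write"): {"A"},   # level 0: read/write not distinguished
    (1, "read"): {"A", "B1"},
    (1, "write"): {"A", "B1", "B2"},
    (2, "read"): {"A", "B1", "C1"},
    (2, "write"): {"A", "B1", "B2", "C1", "C2"},
}


def super_switch(current, target=(2, "write"), configured=frozenset()):
    """Model one `super` call; returns 'direct', 'password' or 'rejected'.

    current and target are (level, permission) pairs. target defaults to the
    command's defaults (level 2, write). configured is the set of pairs for
    which a super password exists (assumed to be tracked per pair).
    """
    if SETS[target] <= SETS[current]:
        return "direct"      # target command set is contained in the current one
    if target in configured:
        return "password"    # system prompts for the target level's password
    return "rejected"        # no password configured for the target


def reachable(start, configured):
    """All states a session starting at `start` can reach through repeated
    `super` calls, assuming the operator knows every configured password."""
    seen, todo = {start}, [start]
    while todo:
        cur = todo.pop()
        for tgt in SETS:
            if tgt not in seen and super_switch(cur, tgt, configured) != "rejected":
                seen.add(tgt)
                todo.append(tgt)
    return seen
```

For example, `reachable((0, "read"), {(2, "read")})` shows that configuring only a read password for level 2 gives query access at levels 1 and 2 but no configuration command set.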

Example:

Assume that the current user is a common user (level is 0), the user level corresponding to the command to be executed is 1, the command is a configuration command, and the save operation is required. To change the current user level to read and write level 1, do as follows:

BD-Huawei>super
{ <cr>|level<U><0,2>|read<K>|write<K> }:1
{ <cr>|read<K>|write<K> }:write
  Command:
          super 1 write
  Password:
  Now user privilege is 1 level, and only those commands whose level is
  equal to or less than this level can be used.
  Privilege note: 0-COMUSER_LEVEL, 1-OPERATOR_LEVEL, 2-ADMINISTRATOR_LEVEL

Assume that the current user is a common user (level is 0), the user level corresponding to the command to be executed is 1, the command is a query command, and the configuration permission for level 1 commands is not required. To change the current user level to read level 1, do as follows:

BD-Huawei>super
{ <cr>|level<U><0,2>|read<K>|write<K> }:1
{ <cr>|read<K>|write<K> }:read
  Command:
          super 1 read
  Password:
  The user privilege is of level 1 and the attribute is read only. The user
  can run query commands of level 1 and all the commands of level 0.
  Privilege note: 0-COMUSER_LEVEL, 1-OPERATOR_LEVEL, 2-ADMINISTRATOR_LEVEL

System Response:

After this command is executed successfully, the system displays the message “Now user privilege is x level, and only those commands whose level is equal to or less than this level can be used. Privilege note: 0-COMUSER_LEVEL, 1-OPERATOR_LEVEL, 2-ADMINISTRATOR_LEVEL”. “x” indicates the target level of the current user.


Super password & only super was last modified: November 13th, 2015 by Shahed
