SGM calls this ability User-Based Access. User-Based Access provides multi-level password-protected access to SGM features. Each user can have a unique user name and password. Each user can also be assigned to one of five levels of access, which control the list of SGM features accessible by that user.

To configure SGM User-Based Access, perform the tasks in the following sections. Required and optional tasks are indicated.

• Implementing SGM User-Based Access (Solaris Only), page 18-2 (Required)
• Creating Secure Passwords, page 18-5 (Required)
• Configuring SGM User Authentication Levels (Solaris Only), page 18-6 (Required)
• Automatically Disabling Users and Passwords (Solaris Only), page 18-10 (Optional)
• Manually Disabling Users and Passwords (Solaris Only), page 18-14 (Optional)
• Enabling and Changing Users and Passwords (Solaris Only), page 18-16 (Optional)
• Displaying a Message of the Day, page 18-18 (Optional)
• Manually Synchronizing Local SGM Passwords, page 18-21 (Optional)
• Listing All Currently Defined Users, page 18-21 (Optional)
• Displaying the Contents of the System Security Log, page 18-22 (Optional)
• Restoring Security-Related SGM Data, page 18-23 (Optional)
• Disabling SGM User-Based Access, page 18-24 (Optional)
• Specifying a Super User (Solaris Only), page 18-24 (Optional)

Cisco Signaling Gateway Manager User Guide OL-5742-01 18-1 Chapter 18 Configuring SGM Security Configuring SGM User-Based Access

Implementing SGM User-Based Access (Solaris Only)

Before you can access SGM’s full suite of security commands, you must enable SGM User-Based Access, configure the type of security authentication you want to use, and begin adding users to your authentication lists.
To implement SGM User-Based Access, use the following procedure:

Step 1 Log in as the root user, as described in the “Becoming the Root User (Solaris Only)” section on page 2-3, or as a super user, as described in the “Specifying a Super User (Solaris Only)” section on page 18-24.

Step 2 Enter the following commands:

    # cd /opt/CSCOsgm/bin
    # ./sgm useraccess enable

SGM User-Based Access is enabled the next time you restart the SGM server.

Step 3 If you have already configured the type of SGM security authentication you want to use, skip to Step 4. Otherwise, configure the type of SGM security authentication you want to use:

• Local authentication allows you to create user accounts and passwords local to the SGM system. When using this method, you can use SGM User-Based Access commands to manage user names, passwords, and access levels.

To enable local authentication, enter the following command:

    # ./sgm authtype local

• Solaris authentication uses standard Solaris-based user accounts and passwords, as specified in the /etc/nsswitch.conf file. Authentication can be provided by the local /etc/passwd file or from a distributed Network Information Services (NIS) system.

You can use all SGM User-Based Access commands except the following commands:

– sgm disablepass
– sgm passwordage
– sgm userpass

You must use Solaris commands, such as passwd, to manage passwords. Users also cannot change their passwords using the SGM client. Instead, they must manage their passwords on the external authentication servers, using Solaris commands, such as passwd.

All new passwords take effect the next time SGM automatically synchronizes local SGM passwords with Solaris, or you can manually synchronize passwords at any time using the sgm syncusers command.
In addition, if you have enabled Solaris authentication, you must be logged in as the root user, not a super user, to use the following SGM commands:

– sgm adduser
– sgm disableuser
– sgm enableuser
– sgm updateuser

To enable Solaris authentication, enter the following command:

    # ./sgm authtype solaris

See the “SGM Command Reference” section on page C-1 for more information on the use of each of the above SGM commands.

Step 4 To add a user to your SGM User-Based Access authentication list, use the following command:

    # ./sgm adduser username

where username is the name of the user.

Note: If sgm authtype is set to solaris, you must be logged in as the root user, not as a super user, to enter this command.

SGM also prompts you for the authentication level for the user. Valid levels are:

• 1—Basic User
• 2—Power User
• 3—Network Operator
• 4—Network Administrator
• 5—System Administrator

For more information about authentication levels, see the “Configuring SGM User Authentication Levels (Solaris Only)” section on page 18-6.

If sgm authtype is set to local, SGM also issues the following prompts:

• SGM prompts you for the user’s password. When setting the password, follow the rules and considerations in the “Creating Secure Passwords” section on pa...