Creating users

You can create either a local or a remote user to access a SAN Volume Controller cluster.

You can create two categories of users that access the cluster. These types are based on how the users are authenticated to the cluster. Local users must provide either a password, a Secure Shell (SSH) key, or both. Local user are authenticated through the authentication methods that are located on the SAN Volume Controller cluster. If the local user needs access to SAN Volume Controller Console, a password is needed for the user. If the user requires access to the command-line interface (CLI) then a valid SSH key file is necessary. If a user is working with both interfaces, then both a password and SSH key are required. Local users must be part of a user group that is defined on the cluster. User groups define roles that authorize the users within that group to a specific set of operations on the cluster.

A remote user is authenticated on a remote service usually provided by a SAN management application, such as IBM® Tivoli® Storage Productivity Center, and does not need local authentication methods. For a remote user, both a password and SSH key are required to use the command-line interface. Remote users only need local credentials to access to the SAN Volume Controller Console if the remote service is down. Remote users have their groups defined by the remote authentication service.

This task assumes that you have already launched the SAN Volume Controller Console. Complete the following steps to create either a local or remote user:
  1. Click Manage Authentication > Users in the portfolio. The Viewing Users panel is displayed.
  2. Select Create a User from the task list and click Go. The Creating a User panel is displayed.
  3. Enter a name for the user.
  4. Enter a password for the user. The password cannot start or end with a blank character. The password can consist of a string of 6 - 64 printable ASCII characters.
  5. Enter the SSH key file that is associated with the user. Click Browse to select the file. An SSH key is needed if this user plans to use the command-line interface to manage the cluster. Any SAN Volume Controller users that use the remote authentication service and require SSH keys to access the command-line interface must have the same password on the cluster and the remote authentication service. In addition the user group that the user belongs to must be visible to the remote authentication service. The remote visibility setting instructs SAN Volume Controller to check the remote authentication service for that user's group information to determine the user's role on the cluster.
  6. Select the appropriate authentication type for the user. Select Remote if the user is authenticate to the cluster by a remote authentication service. Select Local if the user is authenticated to the cluster using cluster authentication methods.
    Note: Local is the default setting for the authentication type.
  7. If you selected to create a local user, you must also specify the user group that the user belongs to. The user group defines roles that provide the user with access to specific operations on the cluster.
  8. Click OK.
Parent topic: Configuring user authentication
Library | Support | Terms of use | Feedback
© Copyright IBM Corporation 2003, 2009. All Rights Reserved.