Contents

1   Introduction

This document describes how to change attributes in the specific Administrator account that is used for initial and recovery scenarios when authentication to regular Operation and Maintenance (O&M) accounts is inaccessible.

1.1   Prerequisites

This section describes the prerequisites, which must be fulfilled before using the procedure.

1.1.1   Conditions

The following conditions must apply:

• The user has sufficient access rights to perform the task, for example, the user has System Security Administrator role.
• The user is familiar with the security policy of the organization.
• An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
• The PasswordPolicy Managed Object (MO) is known.

2   Procedure

To change the administrator account:

1. Navigate to the AdministratorAccount MO, for example:

   >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthenticationMethod=1,AdministratorAccount=la-admin

2. Enter Config mode:

   (AdministratorAccount=la-admin)>configure

3. Set the AdministratorAccount attributes according to operators password policy, for example:

   (config-AdministratorAccount=la-admin)>passwordMaxFailure=5

4. Commit the settings:

   (config-AdministratorAccount=la-admin)>commit

5. Verify the settings:

   (AdministratorAccount=la-admin)>show -v

   The following is an example output:

   AdministratorAccount=la-admin administratorAccountId="la-admin" lastLoginTime="" <read-only> passwordChangedTime="" <read-only> passwordFailureCountInterval=86400 <default> passwordFailureTimes <read-only> "" passwordHistoryLength=12 <read-only> passwordMaxFailure=5 passwordMinLength=12 <read-only> passwordQuality="ManagedElement=NODE06ST,⇒ SystemFunctions=1,SecM=1,UserManagement=1,⇒ LocalAuthenticationMethod=1,PasswordQuality=1"