The system comes
configured with a context called
that you use specifically for management purposes. The context selection
process for context-level administrative users (those configured within a
context) is simplified because the management ports on the MIO are associated
only with the Local context. Therefore, the source and destination contexts for
a context-level administrative user responsible for managing the entire system
should always be the local context.
administrative user can be created in a non-local context. These management
accounts have privileges only in the context in which they are created. This
type of management account can connect directly to a port in the context in
which they belong, if local connectivity is enabled (SSHD, for example) in that
For all FTP or SFTP
connections, you must connect through an MIO management interface. If you SFTP
or FTP as a non-local context account, you must use the username syntax of
In release 20.0
StarOS builds, FTP is not supported.
selection process becomes more involved if you are configuring the system to
provide local authentication or work with a AAA server to authenticate the
context-level administrative user.
The system gives you
the flexibility to configure context-level administrative users locally
(meaning that their profile will be configured and stored in its own memory),
or remotely on an AAA server. If a locally-configured user attempts to log onto
the system, the system performs the authentication. If you have configured the
user profile on an AAA server, the system must determine how to contact the AAA
server to perform authentication. It does this by determining the AAA context
for the session.
The following table
and flowchart describe the process that the system uses to select an AAA
context for a context-level administrative user. Items in the table correspond
to the circled numbers in the flowchart.
Figure 1. Context-level Administrative User AAA Context
Table 1 Context-level
Administrative User AAA Context Selection
authentication, the system determines whether local authentication is enabled
If it is,
the system attempts to authenticate the administrative user in the
local context. If it is not, proceed to item 2 in this
administrative user's username is configured, authentication is performed by
using the AAA configuration within the
local context. If not, proceed to item 2 in this table.
authentication is disabled on the system or if the administrative user's
username is not configured in the
local context, the system determines if a domain was
received as part of the username.
If there is
a domain and it matches the name of a configured context or domain, the systems
uses the AAA configuration within that context.
If there is
a domain and it does not match the name of a configured context or domain, Go
to item 4 in this table.
If there is
no domain as part of the username, go to item 3 in this table.
If there was
no domain specified in the username or the domain is not recognized, the system
determines whether an
Administrator Default Domain is configured.
default domain is configured and it matches a configured context, the AAA
configuration within the
Administrator Default Domain context is used.
default domain is not configured or does not match a configured context or
domain, go to item 4 item below.
If a domain
was specified as part of the username but it did not match a configured
context, or if a domain was not specified as part of the username, the system
determines if the
Administrator Last Resort context parameter is configured.
If a last
resort, context is configured and it matches a configured context, the AAA
configuration within that context is used.
If a last
resort context is not configured or does not match a configured context or
domain, the AAA configuration within the
local context is used.