[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring Operators

You configure Common Criteria operators with the operator login class. For example:



[edit]
system {


login {


user CC-operator {
full-name “Common Criteria Operator”;
uid 1002;
class operator;


authentication {
encrypted-password “$1$BaffophAt6rRxxvypF”;
# SECRET-DATA
}


}


}


}

Operators have the following permissions:

clear—Clear learned network information.
network—Access the network.
reset—Reset or restart interfaces and daemons.
trace—View trace file settings and audit logs.
view—View current values and statistics.

The trace permission includes the ability to view audit logs. The maintenance permission adds the ability to modify the audit log directory, including file deletion. To limit audit log activity to view-only, use the trace permission. For information about audit logs, see Configuring Common Criteria Event Logging.

Operators cannot edit the configuration.

Note: When setting a password using a pre-encrypted format, the system manager is responsible for meeting or exceeding the minimal password strength requirements outlined in Protecting Management Connections.

[Contents] [Prev] [Next] [Index] [Report an Error]