Configuring User Accounts for Web Applications (SRC CLI)

User accounts provide one way for clients to authenticate with the application server. For each account, you define the login name for the user, authentication information, and role. You can configure plain-text password or encrypted password as the type of authentication for user accounts. When you delete user accounts, the software verifies that the user account is not referenced by another configuration.

Note: Client profiles can be cached by applications for 30 minutes. If you change the password or role of a client that has been used within the last 30 minutes, it can take up to 30 minutes before these changes take effect.

If you do not want to wait 30 minutes for the changes to take effect, restart the Web application server.

Use the following configuration statements to configure user accounts at the [edit] hierarchy level:

shared application-server user name
shared application-server user name authentication {encrypted-password encrypted-password;plain-text-password;role [DSA | PCMM | VTA-group name;}

To configure a user account:

  1. From configuration mode, access the configuration statement that configures a user account and specify a username that identifies the client.
    user@host# edit shared application-server user name

    The username must be unique within the system. Do not include spaces, colons, or commas in the username.

  2. Configure authentication for the user account.
    [edit shared application-server user name] user@host# set authentication (plain-text-password | encrypted-password)


    • plain-text-password—Prompt for a plain-text (unencrypted) password.
    • encrypted-password—Password encoded with crypt. The format of encrypted passwords is “{crypt}<13-characters in a-zA-Z0-9./>”.

    We recommend that you not enter the password in encrypted format.

    For example:

    user@host# set authentication plain-text-passwordNew password: type password hereRetype new password: retype password here
  3. Configure the role for the user account.
    [edit shared application-server user name] user@host# set role VTA-Quota

    Set the role to one of the following values:

    • DSA—Role for clients accessing the DSA services: dsa-service and dsa2-service
    • PCMM—Role for clients accessing the DSA service: pcmm-service
    • VTA-group name—Role for clients accessing the SOAP API for the SRC VTA. The CLI returns all SRC VTA groups configured under the [edit shared vta group] hierarchy with the prefix “VTA”. For example, set the role to VTA-Quota for clients accessing the SOAP API for the SRC VTA group called Quota.

Related Documentation