•
Additional keyword options are available that identify active administrators or place time thresholds on
the administrator. Refer to the Command Line Interface Reference for more information about the
inspector command.
•
The nopassword option allows you to create an inspector without an associated password. Enable this
option when using ssh public keys (authorized key command in SSH Configuration mode) as a sole
means of authentication. When enabled this option prevents someone from using an inspector password
to gain access to the user account.
Save the configuration as described in the Verifying and Saving Your Configuration chapter.
Configuring LI Administrators
For security reasons, li-administration accounts must be restricted for use only with Lawful Intercept
(LI) functionality and not for general system administration. Only security administrators and administrators
can provision LI privileges. To ensure security in accordance with Law Enforcement Agency (LEA)
standards, LI administrative users must access the system using the Secure Shell (SSH) protocol only. LI
privileges can be optionally configured for use within a single context system-wide. For additional
information, see the Lawful Intercept Configuration Guide and Provisioning Lawful Intercept, on page
57.
Important
Use the example below to configure a context-level LI administrator:
configure
context context_name
administrator user_name { [ encrypted ] [ nopassword ] password password li-administrator}
end
LI Administrators and non-LI Administrators can configure Lawful-Intercept CLI commands. However, only
LI Administrators can view the encrypted Lawful-Intercept CLI commands in Trusted Builds and in Normal
builds, if the Global Configuration mode require segregated li-configuration command is enabled. For
additional information, see the Lawful Intercept Configuration Guide and Segregating System and LI
Configurations, on page 53 .
Segregating System and LI Configurations
Lawful Intercept (LI) configuration includes sensitive information. By default in a Normal build, an
administrator without li-administration privilege can view the LI configuration commands. However, display
of the LI configuration commands can be restricted or segregated from the rest of the system configuration.
The Global Configuration mode require segregated li-configuration command permanently segregates
display of System and Lawful Intercept CLI. The CLI commands with Lawful-Intercept keyword are encrypted
and can only be viewed by an administrator with li-administration privilege.
In a Trusted build, LI segregation is turned on and cannot be disabled. The require segregated
li-configuration command is invisible.
Important
Segregating LI configuration from system configuration has the following impacts on StarOS:
ASR 5500 System Administration Guide, StarOS Release 21.4
53
System Settings
Configuring Context-level Administrative Users
To Next Page
Loading...
Need help?
General
