Configuring Context-level Inspectors
Use the example below to configure context-level inspectors:
configure
context local
inspector user_name { [ encrypted ] [ nopassword ] password password }
end
Notes:
•
Additional keyword options are available that identify active administrators or place time thresholds on
the administrator. Refer to the
Command Line Interface Reference
for more information about the
inspector
command.
•
The
nopassword
option allows you to create an inspector without an associated password. Enable this
option when using ssh public keys (
authorized key
command in SSH Configuration mode) as a sole
means of authentication. When enabled this option prevents someone from using an inspector password
to gain access to the user account.
Save the configuration as described in the
Verifying and Saving Your Configuration
chapter.
Segregating System and LI Configurations
Lawful Intercept (LI) configuration includes sensitive information. By default in a Normal build, an
administrator without li-administration privilege can view the LI configuration commands. However, display
of the LI configuration commands can be restricted or segregated from the rest of the system configuration.
The Global Configuration mode
require segregated li-configuration
command permanently segregates
display of System and Lawful Intercept CLI. The CLI commands with Lawful-Intercept keyword are encrypted
and can only be viewed by an administrator with li-administration privilege.
In a Trusted build, LI segregation is turned on and cannot be disabled. The
require segregated
li-configuration
command is invisible.
Important
Segregating LI configuration from system configuration has the following impacts on StarOS:
•
Only administrators with li-administration privilege can see Lawful Intercept CLI commands in the
output of the
show configuration
command.
•
Executing the
save configuration
command will automatically encrypt Lawful Intercept CLI configuration
commands.
•
When loading a saved configuration file via CLI command (for example,
configure <url>
), encrypted
Lawful Intercept CLI commands will be decrypted and executed only for an administrator with LI
privilege. For an administrator without LI privilege, encrypted Lawful Intercept CLI commands will
not be decrypted and executed.
•
During a system boot wherein the boot config is loaded, encrypted Lawful Intercept configuration will
be decrypted and loaded silently, in other words Lawful Intercept CLI configuration will not be visible
on the console port.
ASR 5500 System Administration Guide, StarOS Release 21.5
35
System Settings
Configuring Context-level Administrative Users