used to derive a key of given length, based on entered data, salt and number of iterations. Local-user account
passwords are hashed using the PBKDF2 method with a randomly generated salt coupled with a large number
of iterations to make password storage more secure.
Since hash functions are one-way, it is not possible to convert PBKDF2 hashed passwords to the MD5 format.
The local-user database must be downgraded prior to reverting to StarOS releases prior to 20.0.
To downgrade the local-user database to use the MD5 hash algorithm, a Security Administrator must run the
Exec mode
downgrade local-user database
command. StarOS prompts for confirmation and requests the
Security Administrator to reenter a password. The entered password re-authenticates the user prior to executing
the downgrade command. After verification, the password is hashed using the appropriate old/weak encryption
algorithm and saved in the database to allow earlier versions of StarOS to authenticate the Security
Administrator.
The downgrade process does not convert PBKDF2 hashed passwords to MD5 format. The downgrade process
re-reads the database (from the /flash directory), reconstructs the database in the older format, and writes it
back to the disk. Since the PBKDF2 hashed passwords cannot be converted to the MD5 hash algorithm, and
earlier StarOS releases cannot parse the PBKDF2 encryption algorithm, StarOS suspends all those users
encrypted via the PBKDF2 algorithm. Users encrypted via the MD5 algorithm ("Weak Hash" flag) can continue
to login with their credentials. After the system comes up with the earlier StarOS release, suspended users
can be identified in the output of the
show local-user [verbose]
command.
To reactivate suspended users a Security Administrator can:
•
Set temporary passwords for suspended users, using the Exec mode
password change local-user
username
command.
•
Reset the suspend flag for users, using the Configuration mode
no suspend local-user username
command.
Off-line Software Upgrade
An off-line software upgrade can be performed for any system, upgrading from any version of operating
system software to any version, regardless of version number. This process is considered off-line because
while many of the steps can be performed while the system is currently supporting sessions, the last step of
this process requires a reboot to actually apply the software upgrade.
This procedure assumes that you have a CLI session established and are placing the new operating system
image file onto the local file system. To begin, make sure you are at the Exec mode prompt:
[local]
host_name
#
Configure a Newcall Policy
Configure a newcall policy from the Exec mode to meet your service requirements. When enabled the policy
redirects or rejects new calls in anticipation of the system reload that completes the upgrade process. This
reduces the amount of service disruption to subscribers caused by the system reload that completes the upgrade.
Newcall policies are created on a per-service basis. If you have multiple services running on the chassis,
you can configure multiple newcall policies.
Important
ASR 5500 System Administration Guide, StarOS Release 21.5
95
Software Management Operations
Off-line Software Upgrade
Содержание ASR 5500
Страница 100: ...ASR 5500 System Administration Guide StarOS Release 21 5 74 System Interfaces and Ports VLANs and Management Ports ...
Страница 136: ...ASR 5500 System Administration Guide StarOS Release 21 5 110 Smart Licensing Smart Licensing Bulk Statistics ...
Страница 140: ...ASR 5500 System Administration Guide StarOS Release 21 5 114 Monitoring the System Clearing Statistics and Counters ...
Страница 260: ...ASR 5500 System Administration Guide StarOS Release 21 5 234 Routing Viewing Routing Information ...
Страница 278: ...ASR 5500 System Administration Guide StarOS Release 21 5 252 BGP MPLS VPNs VPN Related CLI Commands ...
Страница 292: ...ASR 5500 System Administration Guide StarOS Release 21 5 266 Session Recovery Sample Output for show rct stats verbose ...
Страница 324: ...ASR 5500 System Administration Guide StarOS Release 21 5 298 Interchassis Session Recovery Fallback Procedure ...
Страница 338: ...ASR 5500 System Administration Guide StarOS Release 21 5 312 Engineering Rules ECMP Groups ...
Страница 362: ...ASR 5500 System Administration Guide StarOS Release 21 5 336 StarOS Tasks Management Processes ...