Managing security

The system supports several security-related features that can help protect system data and resources from unauthorized access.

User security and authentication

You can create local users who can access the system. These user types are defined based on the administrative privileges that they have on the system. Local users must provide either a password, a Secure Shell (SSH) key, or both. Local users are authenticated through the authentication methods that are configured on the system. A local user who needs access to the management GUI must have a password. A local user who requires access to the command-line interface (CLI) through SSH needs either a password or a valid SSH key file. Local users must be part of a user group that is defined on the system. User groups define roles that authorize the users within that group to perform a specific set of operations on the system.

A remote user is authenticated on a remote service with either IBM® Security Services or Lightweight Directory Access Protocol (LDAPv3) support. A remote user does not need local authentication methods. With IBM® Security Services, both a password and an SSH key are required to use the command-line interface. With LDAP, a password and SSH key are not necessary, although SSH keys can optionally be configured. Remote users who need to access the system when the remote service is down must also configure local credentials. Remote users have their groups defined by the remote authentication service.

SSL/TLS security controls

The system supports a choice of security levels that enforce a minimum level of SSL (Secure Sockets Layer)/TLS (Transport Layer Security) that can be used to access the system. Only clients that support the minimum SSL/TLS level that is enforced by the system are able to establish secure connections.