H3C Technologies H3C S12500-X Series Switches User Manual
Page 31

• Binding attributes—Binding attributes control the scope of users, and are checked during local
  authentication of a user. If the attributes of a user do not match the binding attributes configured for
  the local user account, the user cannot pass authentication. Binding attributes include the IP address,
  access port, MAC address, and native VLAN. For support and usage information about binding
  attributes, see "Configuring local user attributes."
• Authorization attributes—Authorization attributes indicate the user's rights after it passes local
  authentication. Authorization attributes include the ACL, idle cut function, user role, VLAN, and
  FTP/SFTP work directory. For support information about authorization attributes, see "Configuring
  local user attributes."
  Configure the authorization attributes based on the service type of local users.
  You can configure an authorization attribute in user group view or local user view to make the
  attribute effective for all local users in the group or for only the local user. The setting of an
  authorization attribute in local user view takes precedence over the attribute setting in user group
  view.
• Password control attributes—Password control attributes help control password security for device
  management users. Password control attributes include password aging time, minimum password
  length, password composition checking, password complexity checking, and login attempt limit.
  You can configure a password control attribute in system view, user group view, or local user view,
  making the attribute effective for all local users, local users in a group, or only the local user. A
  password control attribute with a smaller effective range has a higher priority. For more
  information about password management and global password configuration, see "Configuring
  password control."
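
The precedence and binding rules above can be checked offline against an exported configuration. The following Python example is added here and is not H3C code or CLI syntax: it resolves the effective password control attributes across system, user group, and local user scope, flags settings that fall below a baseline, and applies the binding attribute check. The attribute keys, the baseline, and all sample values are constructed assumptions.

```python
# Added illustration. Attribute keys and all sample values are constructed;
# they are not H3C command syntax or device defaults.
SCOPES = ("system", "group", "user")  # widest to narrowest effective range

def effective_policy(system, group, user):
    """Merge password control attributes. The narrowest scope that sets an
    attribute wins. Returns {attribute: (value, scope_it_came_from)}."""
    merged = {}
    for scope, attrs in zip(SCOPES, (system, group, user)):
        for key, value in attrs.items():
            merged[key] = (value, scope)
    return merged

def binding_ok(bindings, session):
    """Local authentication fails unless every configured binding attribute
    matches the session. Assumption: unconfigured attributes are not checked."""
    return all(session.get(key) == value for key, value in bindings.items())

def audit(system, groups, users, baseline):
    """List (user, attribute, value, scope) where the effective value is
    missing or weaker than the baseline. baseline: {attr: ("min"|"max", n)}."""
    findings = []
    for name, user in sorted(users.items()):
        policy = effective_policy(system, groups.get(user.get("group"), {}),
                                  user.get("password_control", {}))
        for key, (kind, limit) in baseline.items():
            value, scope = policy.get(key, (None, "unset"))
            weak = value is None or (value < limit if kind == "min" else value > limit)
            if weak:
                findings.append((name, key, value, scope))
    return findings

# Constructed sample configuration.
SYSTEM = {"min_length": 12, "aging_days": 90, "login_attempts": 3}
GROUPS = {"netops": {"aging_days": 60}, "vendors": {"min_length": 8}}
USERS = {
    "alice": {"group": "netops", "password_control": {}},
    "bob": {"group": "vendors", "password_control": {"login_attempts": 10}},
    "carol": {"group": "vendors", "password_control": {"min_length": 16},
              "bindings": {"ip": "192.0.2.10", "vlan": 20}},
}
BASELINE = {"min_length": ("min", 12), "aging_days": ("max", 90),
            "login_attempts": ("max", 3)}

if __name__ == "__main__":
    for finding in audit(SYSTEM, GROUPS, USERS, BASELINE):
        print(finding)
    print(binding_ok(USERS["carol"]["bindings"], {"ip": "192.0.2.10", "vlan": 30}))
```

The scope reported with each finding shows which view holds the setting that weakens the effective policy, which is where the correction has to be made.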
Local user configuration task list
Tasks at a glance
(Required.) Configuring local user attributes
(Optional.) Configuring user group attributes
(Optional.) Displaying and maintaining local users and local user groups
Configuring local user attributes
Follow these guidelines when you configure local user attributes:
• When you use the password-control enable command to globally enable the password control
  feature, local user passwords are not displayed.
• The authentication mode of user interfaces is set by the authentication-mode command in user line
  view and affects access to commands for login users. In AAA (scheme) mode, the authorized user
  role determines the commands available for each login user. In password (password) or no
  authentication (none) mode, the user role of respective user interfaces determines the commands
  available for the login users. The user role of respective user interfaces also determines the
  commands available for the public key authenticated SSH users. For more information about the
  authentication mode and user roles for user interfaces, see Fundamentals Configuration Guide.
• You can configure authorization attributes and password control attributes in local user view or user
  group view. The setting in local user view takes precedence over the setting in user group view.
To configure local user attributes:
Step | Command | Remarks
1. Enter system view. | system-view | N/A