Configuring user group attributes, Configuring user group, Attributes – H3C Technologies H3C S7500E Series Switches User Manual
Page 35
2-6
z
With the local-user password-display-mode cipher-force command configured, a local user
password is always displayed in cipher text, regardless of the configuration of the password
command. In this case, if you use the save command to save the configuration, all existing local
user passwords will still be displayed in cipher text after the device restarts, even if you restore
the display mode to auto.
z
The access-limit command configured for a local user takes effect only when local accounting is
configured.
z
Local authentication checks the service types of a local user. If the service types are not available,
the user cannot pass authentication.
z
If the user interface authentication mode (set by the authentication-mode command in user
interface view) is AAA (scheme), which commands a login user can use after login depends on
the privilege level authorized to the user. If the user interface authentication mode is password
(password) or no authentication (none), which commands a login user can use after login
depends on the level configured for the user interface (set by the user privilege level command
in user interface view). For an SSH user using public key authentication, which commands are
available depends on the level configured for the user interface. For more information about user
interface authentication mode and user interface command level, see CLI Login and CLI
Configuration in the Fundamentals Configuration Guide.
z
Be cautious when deciding which binding attributes should be configured for a local user. Binding
attributes are checked upon local authentication of a user. If the checking fails, the user fails the
authentication.
z
Every configurable authorization attribute has its definite application environments and purposes.
Therefore, when configuring authorization attributes for a local user, consider what attributes are
needed.
Configuring user group attributes
User groups are used to simplify local user configuration and management. A user group comprises a
group of local users and has a set of local user attributes. You can configure local user attributes for a
user group to implement centralized user attributes management for the local users in the group.
Currently, you can configure authorization attributes for a user group.
By default, every newly added local user belongs to the system default user group system and bears
all attributes of the group. You can change the user group to which a local user belongs by using the
user-group command in local user view.
Follow these steps to configure attributes for a user group:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create a user group and enter user
group view
user-group group-name
Required