Configuring user group attributes – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 35

21
NOTE:
•
On a device supporting the password control feature, local user passwords are not displayed, and the
local-user password-display-mode command is not effective.
•
If you configure the local-user password-display-mode cipher-force command, all existing local user
passwords will be displayed in cipher text, regardless of the configuration of the password command.
If you also save the configuration and restart the device, all existing local user passwords will always be
displayed in cipher text, no matter how you configure the local-user password-display-mode
command or the password command. The passwords configured after you restore the display mode to
auto by using the local-user password-display-mode auto command, however, are displayed as
defined by the password command.
•
The access-limit command configured for a local user takes effect only in the case of local accounting.
•
If the user interface authentication mode (set by the authentication-mode command in user interface
view) is AAA (scheme), which commands a login user can use after login depends on the privilege level
authorized to the user. If the user interface authentication mode is password (password) or no
authentication (none), which commands a login user can use after login depends on the level
configured for the user interface (set by the user privilege level command in user interface view). For an
SSH user using public key authentication, which commands are available depends on the level
configured for the user interface. For more information about user interface authentication mode and
user interface command level, see
Fundamentals Configuration Guide.
•
You can configure the user profile authorization attribute in both local user view and ISP domain view.
The setting in local user view takes precedence. For more information about user profiles, see
"Configuring user profiles."
Configuring user group attributes
User groups simplify local user configuration and management. A user group comprises a group of local
users and has a set of local user attributes. You can configure local user attributes for a user group to
implement centralized user attributes management for the local users in the group. Configurable user
attributes include password control attributes and authorization attributes.
By default, every newly added local user belongs to the system default user group system and bears all
attributes of the group. To change the user group to which a local user belongs, use the user-group
command in local user view.
To configure attributes for a user group:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create a user group and
enter user group view.
user-group group-name
N/A
3.
Configure password control
attributes for the user group.
•
Set the password aging time:
password-control aging aging-time
•
Set the minimum password length:
password-control length length
•
Configure the password
composition policy:
password-control composition
type-number type-number
[ type-length type-length ]
Optional.
By default, the global settings
apply. The global settings
include a 90-day password
aging time, a minimum
10-character password length,
one type number, and one type
length.
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000