Configuring user group attributes – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

21

NOTE:
•

On a device supporting the password control feature, local user passwords are not displayed, and the
local-user password-display-mode command is not effective.

•

If you configure the local-user password-display-mode cipher-force command, all existing local user
passwords will be displayed in cipher text, regardless of the configuration of the password command.

If you also save the configuration and restart the device, all existing local user passwords will always be

displayed in cipher text, no matter how you configure the local-user password-display-mode
command or the password command. The passwords configured after you restore the display mode to

auto by using the local-user password-display-mode auto command, however, are displayed as

defined by the password command.

•

The access-limit command configured for a local user takes effect only in the case of local accounting.

•

If the user interface authentication mode (set by the authentication-mode command in user interface
view) is AAA (scheme), which commands a login user can use after login depends on the privilege level

authorized to the user. If the user interface authentication mode is password (password) or no

authentication (none), which commands a login user can use after login depends on the level
configured for the user interface (set by the user privilege level command in user interface view). For an

SSH user using public key authentication, which commands are available depends on the level

configured for the user interface. For more information about user interface authentication mode and
user interface command level, see

Fundamentals Configuration Guide.

•

You can configure the user profile authorization attribute in both local user view and ISP domain view.
The setting in local user view takes precedence. For more information about user profiles, see

"Configuring user profiles."

Configuring user group attributes

User groups simplify local user configuration and management. A user group comprises a group of local

users and has a set of local user attributes. You can configure local user attributes for a user group to

implement centralized user attributes management for the local users in the group. Configurable user
attributes include password control attributes and authorization attributes.
By default, every newly added local user belongs to the system default user group system and bears all

attributes of the group. To change the user group to which a local user belongs, use the user-group

command in local user view.
To configure attributes for a user group:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create a user group and

enter user group view.

user-group group-name

N/A

3.

Configure password control
attributes for the user group.

•

Set the password aging time:
password-control aging aging-time

•

Set the minimum password length:

password-control length length

•

Configure the password

composition policy:

password-control composition
type-number type-number

[ type-length type-length ]

Optional.
By default, the global settings

apply. The global settings
include a 90-day password

aging time, a minimum

10-character password length,
one type number, and one type

length.