Local user configuration task list, Configuring local user attributes – H3C Technologies H3C SecPath F1000-E User Manual
about binding attributes, see "Configuring local user attributes." Be cautious when deciding which
binding attributes to configure for a local user.
• Authorization attributes:
Authorization attributes indicate the rights that a user has after passing local authentication.
Authorization attributes include the ACL, PPP callback number, idle cut function, user level, user
role, user profile, VLAN, and FTP/SFTP work directory. For more information about authorization
attributes, see "Configuring local user attributes."
Every configurable authorization attribute has its definite application environments and purposes.
When you configure authorization attributes for a local user, consider which attributes are needed
and which are not. For example, for PPP users, you do not need to configure the work directory
attribute.
You can configure an authorization attribute in user group view or local user view to make the
attribute effective for all local users in the group or for only the local user. The setting of an
authorization attribute in local user view takes precedence over that in user group view.
Local user configuration task list
Task                                                            Remarks
Configuring local user attributes                               Required
Configuring user group attributes                               Optional
Displaying and maintaining local users and local user groups    Optional
Configuring local user attributes
Follow these guidelines when you configure the local user attributes:
• On a firewall supporting the password control feature, local user passwords are not displayed, and
the local-user password-display-mode command is not effective.
• If you configure the local-user password-display-mode cipher-force command, all existing local
user passwords are displayed in cipher text, regardless of the configuration of the password
command. If you also save the configuration and restart the firewall, all existing local user
passwords are always displayed in cipher text, no matter how you configure the local-user
password-display-mode command or the password command. The passwords configured after
you restore the display mode to auto by using the local-user password-display-mode auto
command, however, are displayed as defined by the password command.
• The access-limit command configured for a local user takes effect only in the case of local
accounting.
• If the user interface authentication mode (set by the authentication-mode command in user
interface view) is AAA (scheme), which commands a login user can use after login depends on the
privilege level authorized to the user. If the user interface authentication mode is password
(password) or no authentication (none), which commands a login user can use after login depends
on the level configured for the user interface (set by the user privilege level command in user
interface view). For an SSH user using public key authentication, which commands are available
depends on the level configured for the user interface. For more information about user interface
authentication mode and user interface command level, see Getting Started Guide.
• You can configure the user profile authorization attribute in both local user view and ISP domain
view. The setting in local user view takes precedence.
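The following is an added example, not part of the H3C manual and not H3C code. It models two rules from this section (local user view overrides user group view; the authentication mode and SSH public key authentication decide whether the user's level or the user interface level applies) and lists logins that end up with a higher command level than the one set for the account. The function names, dictionary keys, and sample logins are assumptions made for the illustration.

```python
# Added example, not H3C code. Names, keys and sample logins are hypothetical.
AUTH_MODES = {"scheme", "password", "none"}  # values of authentication-mode

def effective_attr(name, local_user, user_group):
    """Return (value, source); local user view overrides user group view."""
    if name in local_user:
        return local_user[name], "local user view"
    if name in user_group:
        return user_group[name], "user group view"
    return None, "not configured"  # device default applies; not modelled here

def command_level(auth_mode, ui_level, local_user, user_group, ssh_publickey=False):
    """Return (level, source) that decides which commands a login user can use."""
    if auth_mode not in AUTH_MODES:
        raise ValueError(f"unknown authentication mode: {auth_mode!r}")
    # password/none modes and SSH public key logins use the user interface level.
    if ssh_publickey or auth_mode in ("password", "none"):
        return ui_level, "user interface"
    return effective_attr("level", local_user, user_group)

def audit(logins, groups):
    """List logins whose effective level exceeds the level set for the account."""
    findings = []
    for lg in logins:
        group = groups.get(lg["user"].get("group"), {})
        attrs = lg["user"].get("attrs", {})
        intended, _ = effective_attr("level", attrs, group)
        actual, source = command_level(lg["auth_mode"], lg["ui_level"], attrs,
                                       group, lg.get("ssh_publickey", False))
        if intended is not None and actual is not None and actual > intended:
            findings.append((lg["name"], intended, actual, source))
    return findings

# Constructed sample data: one user group and three login paths.
GROUPS = {"ops": {"level": 1}}
LOGINS = [
    {"name": "vty-scheme", "auth_mode": "scheme", "ui_level": 3,
     "user": {"group": "ops", "attrs": {"level": 2}}},
    {"name": "vty-password", "auth_mode": "password", "ui_level": 3,
     "user": {"group": "ops", "attrs": {}}},
    {"name": "ssh-pubkey", "auth_mode": "scheme", "ui_level": 3,
     "ssh_publickey": True, "user": {"group": "ops", "attrs": {"level": 2}}},
]

if __name__ == "__main__":
    for finding in audit(LOGINS, GROUPS):
        print(finding)
```

Each finding is a tuple of login name, level set for the account, level actually applied, and the view that supplied the applied level.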
To configure attributes for a local user: