Local user configuration task list, Configuring local user attributes – H3C Technologies H3C SecBlade LB Cards User Manual
Authorization attributes indicate the rights that a user has after passing local authentication.
Authorization attributes include the user level, user role, and FTP/SFTP work directory. For more
information about authorization attributes, see "Configuring local user attributes."
Every configurable authorization attribute has specific application environments and purposes.
When you configure authorization attributes for a local user, consider which attributes are needed
and which are not.
You can configure an authorization attribute in user group view or local user view to make the
attribute effective for all local users in the group or for only the local user. The setting of an
authorization attribute in local user view takes precedence over that in user group view.
Local user configuration task list
Task                                                            Remarks
Configuring local user attributes                               Required.
Configuring user group attributes                               Optional.
Displaying and maintaining local users and local user groups    Optional.
Configuring local user attributes
Follow these guidelines when you configure local user attributes:
• When the password control feature is globally enabled by using the password-control enable
command, local user passwords are not displayed, and the password hash cipher command
cannot be used.
• If the user interface authentication mode (set by the authentication-mode command in user
interface view) is AAA (scheme), which commands a login user can use after login depends on the
privilege level authorized to the user. If the user interface authentication mode is password
(password) or no authentication (none), which commands a login user can use after login depends
on the level configured for the user interface by using the user privilege level command in user
interface view. For an SSH user using public key authentication, which commands are available
depends on the level configured for the user interface.
• You cannot delete a local user who is the only security log manager in the system, nor can you
change or delete the security log manager role of the user. To do so, you must specify a new security
log manager first.
To configure local user attributes:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Add a local user and enter local user view.
  Command: local-user user-name [ vd vd-name ]
  Remarks: By default, a local user exists.

Step 3. Configure a password for the local user.
  Command: password [ [ hash ] { cipher | simple } password ]
  Remarks: Optional. A local user with no password configured directly passes
  authentication after providing the valid local username and attributes. To
  enhance security, configure a password for each local user.
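
The remark on step 3 can be checked offline against a saved configuration. The following is an added example, not part of the H3C manual: it lists local users whose view contains no password command. The sample dump, its layout, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample dump. The layout (views separated by "#", view commands
# indented) is an assumption about how the device prints its configuration.
SAMPLE_CONFIG = """\
#
local-user admin
 password cipher EXAMPLE-CIPHERTEXT
#
local-user ops vd vd1
 password hash cipher EXAMPLE-HASH
#
local-user guest
#
local-user backup vd vd2
#
user-interface vty 0 4
 authentication-mode scheme
"""

LOCAL_USER = re.compile(r"^local-user\s+(\S+)(?:\s+vd\s+(\S+))?\s*$")
PASSWORD = re.compile(r"^password(?:\s+(hash))?\s+(cipher|simple)\s+\S+")

def audit_local_users(config_text):
    """Map (user, vd) -> password form ("cipher", "hash cipher", ...) or None."""
    users, current = {}, None
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():  # unindented line: a new view begins
            m = LOCAL_USER.match(raw)
            current = (m.group(1), m.group(2)) if m else None
            if current:
                users.setdefault(current, None)
            continue
        m = PASSWORD.match(raw.strip()) if current else None
        if m:
            users[current] = " ".join(g for g in m.groups() if g)
    return users

def passwordless(config_text):
    """Local users whose view holds no password command, sorted by name."""
    found = audit_local_users(config_text)
    return sorted((k for k, form in found.items() if form is None),
                  key=lambda k: (k[0], k[1] or ""))

if __name__ == "__main__":
    for user, vd in passwordless(SAMPLE_CONFIG):
        print(f"no password: {user}" + (f" (vd {vd})" if vd else ""))
```

When the password control feature is globally enabled, local user passwords are not displayed, so every user on such a device would be reported here; confirm that setting before acting on the result.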