HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 28
Local user configuration task list, Configuring local user attributes
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 28 highlights
Binding attributes are used for controlling the scope of users. They are checked during local authentication of a user. If the attributes of a user do not match the binding attributes configured for the local user account, the user cannot pass authentication. Binding attributes include IP address, access port, MAC address, and native VLAN. For support and usage information about binding attributes, see "Configuring local user attributes." • Authorization attributes. Authorization attributes indicate the rights that a user has after passing local authentication. Authorization attributes include the ACL, idle cut function, user role, VLAN, and FTP/SFTP work directory. For support information about authorization attributes, see "Configuring local user attributes." Every configurable authorization attribute has its definite application environments and purposes. When you configure authorization attributes for a local user, consider which attributes are needed and which are not. You can configure an authorization attribute in user group view or local user view to make the attribute effective for all local users in the group or for only the local user. The setting of an authorization attribute in local user view takes precedence over that in user group view. • Password control attributes. Password control attributes help control password security for device management users. Password control attributes include password aging time, minimum password length, and password composition policy. You can configure a password control attribute in system view, user group view, or local user view, making the attribute effective for all local users, local users in a group, or only the local user. A password control attribute with a smaller effective range has a higher priority. For more information about password management and global password configuration, see "Configuring password control." Local user configuration task list Tasks at a glance (Required.) Configuring local user attributes (Optional.) Configuring user group attributes (Optional.) Displaying and maintaining local users and local user groups Configuring local user attributes Follow these guidelines when you configure local user attributes: • When the password control feature is globally enabled by using the password-control enable command, local user passwords are not displayed. • The authentication mode of user interfaces is set by the authentication-mode command in user interface view and affects the commands available for login users. In AAA (scheme) mode, the authorized user role determines the commands available for each login user. In password (password) or no authentication (none) mode, the user role of respective user interfaces determines the commands available for the login users. The user role of respective user interfaces also determines the commands available for the public key authenticated SSH users. For more information about the authentication mode and user roles for user interfaces, see Fundamentals Configuration Guide. • You can configure authorization attributes and password control attributes in local user view or user group view. The setting in local user view takes precedence. 19