HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 19
authorization command, Usage guidelines, Examples, Related commands, Syntax, Default, Views
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 19 highlights
Usage guidelines You can specify one authentication method and one backup authentication method to use in case that the previous authentication method is invalid. If you specify a scheme to provide the method for user role authentication, the method applies only to users whose user role is in the format of level-n. • If an HWTACACS scheme is specified, the device uses the entered username for role authentication. The username must already exist on the HWTACACS server to represent the highest user level that a user can obtain. For example, to obtain a level-3 user role whose username is test, the device uses test@domain-name or test for role authentication, depending on whether the domain name is required. • If a RADIUS scheme is specified, the device uses the username $enabn$ on the RADIUS server for role authentication, where n is the same as that in the target user role. For example, to obtain a level-3 user role whose username is test, the device uses $enab3$@domain-name or $enab3$ for any users who request authentication for obtaining the level-3 user role, depending on whether the domain name is required. Examples # Configure ISP domain test to use HWTACACS scheme tac for user role authentication. system-view [Sysname] super authentication-mode scheme [Sysname] domain test [Sysname-domain-test] authentication super hwtacacs-scheme tac Related commands • authentication default • hwtacacs scheme • radius scheme authorization command Use authorization command to specify the command authorization method. Use undo authorization command to restore the default. Syntax In non-FIPS mode: authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local ] [ none ] | local [ none ] | none } undo authorization command In FIPS mode: authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local } undo authorization command Default The default authorization method of the ISP domain is used for command authorization. Views ISP domain view 10