Configuring Local Users - HP FlexFabric 5930 Series Security Configuration Manual

Configuring local users

To implement local authentication, authorization, and accounting, create local users and configure user
attributes on the device. The local users and attributes are stored in the local user database on the device.
A local user is uniquely identified by the combination of a username and a user type. The device only
supports device management users who log in to the device for device management.
The following local user attributes are available:
Service type—Services that the user can use. Local authentication checks the service types of a local
•
user. If none of the service types is available, the user cannot pass authentication.
Service types include FTP, SSH, Telnet, and terminal.
User state—Whether or not a local user can request network services. There are two user states:
•
active and blocked. A user in active state can request network services, but a user in blocked state
cannot.
• Upper limit of concurrent logins using the same user name—Maximum number of users who can
concurrently access the device by using the same user name. When the number of local users using
the same user name reaches the upper limit, no more local users can access the device by using that
user name.
User group—Each local user belongs to a local user group and has all attributes of the group, such
•
as the password control attributes and authorization attributes. For more information about local
user group, see
Authorization attributes—Authorization attributes indicate the user's rights after it passes local
•
authentication. Authorization attributes include the ACL, idle cut function, user role, VLAN, and
FTP/SFTP work directory. For support information about authorization attributes, see
local user
Configure the authorization attributes based on the service type of local users.
You can configure an authorization attribute in user group view or local user view to make the
attribute effective for all local users in the group or for only the local user. The setting of an
authorization attribute in local user view takes precedence over the attribute setting in user group
view.
Password control attributes—Password control attributes help control password security for device
•
management users. Password control attributes include password aging time, minimum password
length, password composition checking, password complexity checking, and login attempt limit.
You can configure a password control attribute in system view, user group view, or local user view,
making the attribute effective for all local users, local users in a group, or only the local user. A
password control attribute with a smaller effective range has a higher priority. For more
information about password management and global password configuration, see
password
Local user configuration task list
Tasks at a glance
(Required.)
(Optional.)
(Optional.)
"Configuring user group
attributes."
control."
Configuring local user attributes
Configuring user group attributes
Displaying and maintaining local users and local user groups
attributes."
16
"Configuring
"Configuring