HP 5120 SI Series Security Configuration Manual page 31

NOTE:
For more information about password control attribute commands, see the chapter "Password control
•
configuration."
On a device supporting the password control feature, local user passwords are not displayed, and the
•
local-user password-display-mode command is not effective.
• With the local-user password-display-mode cipher-force command configured, a local user password
is always displayed in cipher text, regardless of the configuration of the password command. In this
case, if you use the save command to save the configuration, all existing local user passwords will still
be displayed in cipher text after the device restarts, even if you restore the display mode to auto.
The access-limit command configured for a local user takes effect only when local accounting is
•
configured.
If the user interface authentication mode (set by the authentication-mode command in user interface
•
view) is AAA (scheme), which commands a login user can use after login depends on the privilege level
authorized to the user. If the user interface authentication mode is password (password) or no
authentication (none), which commands a login user can use after login depends on the level
configured for the user interface (set by the user privilege level command in user interface view). For an
SSH user using public key authentication, which commands are available depends on the level
configured for the user interface. For more information about user interface authentication mode and
user interface command level, see the
• Be cautious when deciding which binding attributes should be configured for a local user. Binding
attributes are checked upon local authentication of a user. If the checking fails, the user fails the
authentication.
Every configurable authorization attribute has its definite application environments and purposes.
•
When configuring authorization attributes for a local user, consider what attributes are needed.
Configuring user group attributes
User groups simplify local user configuration and management. A user group comprises a group of local
users and has a set of local user attributes. You can configure local user attributes for a user group to
implement centralized user attributes management for the local users in the group. Configurable user
attributes include password control attributes and authorization attributes.
By default, every newly added local user belongs to the system default user group system and bears all
attributes of the group. To change the user group to which a local user belongs, use the user-group
command in local user view.
Follow these steps to configure attributes for a user group:
To do...
Enter system view
Create a user group and enter user group
view
Configure
password control
attributes for the
user group
Fundamentals Configuration Guide.
Use the command...
system-view
user-group group-name
Set the password
password-control aging aging-time
aging time
Set the minimum
password-control length length
password length
19
Remarks
—
Required
Optional
By default, the global
setting is used.
Optional
By default, the global
setting is used.