HP ProCurve 9304M Security Manual page 62

Security Guide for ProCurve 9300/9400 Series Routing Switches
NOTE: If you configure authentication for Web management access, authentication is performed each time a
page is requested from the server. When frames are enabled on the Web management interface, the browser
sends an HTTP request for each frame. The HP device authenticates each HTTP request from the browser. To
limit authentications to one per page, disable frames on the Web management interface.
The <method1> parameter specifies the primary authentication method. The remaining optional <method>
parameters specify additional methods to try if an error occurs with the primary method. A method can be one of
the values listed in the Method Parameter column in the following table.
Method Parameter
line
enable
local
tacacs
tacacs+
radius
none
NOTE: For examples of how to define authentication-method lists for types of authentication other than RADIUS,
see "Configuring Authentication-Method Lists" on page 2-54.
Entering Privileged EXEC Mode After a Telnet or SSH Login
By default, a user enters User EXEC mode after a successful login through Telnet or SSH. Optionally, you can
configure the device so that a user enters Privileged EXEC mode after a Telnet or SSH login. To do this, use the
following command:
ProCurveRS(config)# aaa authentication login privilege-mode
Syntax: aaa authentication login privilege-mode
The user's privilege level is based on the privilege level granted during login.
Configuring Enable Authentication to Prompt for Password Only
If Enable authentication is configured on the device, when a user attempts to gain Super User access to the
Privileged EXEC and CONFIG levels of the CLI, by default he or she is prompted for a username and password.
In this release, you can configure the HP device to prompt only for a password. The device uses the username
2 - 46
Table 2.6: Authentication Method Values
Description
Authenticate using the password you configured for Telnet access. The
Telnet password is configured using the enable telnet password...
command. See "Setting a Telnet Password" on page 2-13.
Authenticate using the password you configured for the Super User
privilege level. This password is configured using the enable super-
user-password... command. See "Setting Passwords for Management
Privilege Levels" on page 2-14.
Authenticate using a local user name and password you configured on
the device. Local user names and passwords are configured using the
username... command. See "Configuring a Local User Account" on
page 2-17.
Authenticate using the database on a TACACS server. You also must
identify the server to the device using the tacacs-server command.
Authenticate using the database on a TACACS+ server. You also must
identify the server to the device using the tacacs-server command.
Authenticate using the database on a RADIUS server. You also must
identify the server to the device using the radius-server command.
Do not use any authentication method. The device automatically
permits access.
June 2005