HP A-F1000-E Getting Started Manual page 58

To do...
Enable command
authorization
Enable command
accounting
Exit to system view
Enter the
default ISP
domain view
Configure
Apply the
the
specified
authentica
AAA scheme
tion mode
to the domain
Return to
system view
Create a local user and
enter local user view
Set the authentication
password for the local user
Use the command...
command authorization
command accounting
quit
domain domain-name
authentication default
{ hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none |
radius-scheme
radius-scheme-name
[ local ] }
quit
local-user user-name
password { cipher | simple }
password
52
Remarks
Optional
•
By default, command authorization is not
enabled.
•
By default, command level for a login user
depends on the user privilege level. The user
is authorized the command with the default
level not higher than the user privilege level.
With the command authorization
configured, the command level for a login
user is determined by both the user privilege
level and AAA authorization. If a user
executes a command of the corresponding
command level, the authorization server
checks whether the command is authorized.
If yes, the command can be executed.
Optional
•
By default, command accounting is
disabled. The accounting server does not
record the commands executed by users.
•
Command accounting allows the
HWTACACS server to record all executed
commands that are supported by the device,
regardless of the command execution result.
This helps control and monitor user
operations on the device. If command
accounting is enabled and command
authorization is not enabled, every executed
command is recorded on the HWTACACS
server. If both command accounting and
command authorization are enabled, only
the authorized and executed commands are
recorded on the HWTACACS server.
—
Optional
By default, the AAA scheme is local.
Required
By default, no local user exists.
Required