Configuring Local Users - HP 5920 Series Configuration Manual

Configuring local users

To implement local authentication, authorization, and accounting, create local users and configure user
attributes on the device. The local users and attributes are stored in the local user database on the device.
A local user is uniquely identified by the combination of a username and a user type. Local users are
classified into the following types:
Device management user—User who logs in to the device for device management.
•
Network access user—User who accesses network resources through the device.
•
Configurable local user attributes are:
Service type.
•
Services that the user can use. Local authentication checks the service types of a local user. If none
of the service types is available, the user cannot pass authentication.
Service types include FTP, LAN access, SSH, Telnet, and terminal.
• User state.
Whether or not a local user can request network services. There are two user states: active and
blocked. A user in active state can request network services, but a user in blocked state cannot.
User group.
•
Each local user belongs to a local user group and bears all attributes of the group, such as the
password control attributes and authorization attributes. For more information about local user
group, see
Binding attributes.
•
Binding attributes are used for controlling the scope of users. They are checked during local
authentication of a user. If the attributes of a user do not match the binding attributes configured for
the local user account, the user cannot pass authentication. Binding attributes include IP address,
access port, MAC address, and native VLAN. For support and usage information about binding
attributes, see
Authorization attributes.
•
Authorization attributes indicate the rights that a user has after passing local authentication.
Authorization attributes include the ACL, idle cut function, user role, VLAN, and FTP/SFTP work
directory. For support information about authorization attributes, see
attributes."
Every configurable authorization attribute has its definite application environments and purposes.
When you configure authorization attributes for a local user, consider which attributes are needed
and which are not.
You can configure an authorization attribute in user group view or local user view to make the
attribute effective for all local users in the group or for only the local user. The setting of an
authorization attribute in local user view takes precedence over that in user group view.
• Password control attributes.
Password control attributes help you control password security for device management users.
Password control attributes include password aging time, minimum password length, and
password composition policy.
You can configure a password control attribute in system view, user group view, or local user view,
making the attribute effective for all local users, local users in a group, or only the local user. A
password control attribute with a smaller effective range has a higher priority. For more
"Configuring user group
"Configuring local user
attributes."
attributes."
18
"Configuring local user