Tearing Down User Connections Forcibly - H3C S5500-SI Series Operation Manual

Local authentication checks the service types of a local user. If the service types are not available,
the user cannot pass authentication.
In the authentication method that requires the username and password, including local
authentication, RADIUS authentication and HWTACACS authentication, the commands that a
login user can use after logging in depend on the level of the user. In other authentication methods,
which commands are available depends on the level of the user interface. For an SSH user using
public key authentication, the commands that can be used depend on the level configured on the
user interface. For details regarding authentication method and commands accessible to user
interface, refer to Login Configuration in the System Volume.
Binding attributes are checked upon authentication of a local user. If the checking fails, the user
fails the authentication. Therefore, be cautious when deciding which binding attributes should be
configured for a local user.
Every configurable authorization attribute has its definite application environments and purposes.
Therefore, when configuring authorization attributes for a local user, consider what attributes are
needed.
Configuring User Group Attributes
For simplification of local user configuration and manageability of local users, the concept of user group
is introduced. A user group consists of a group of local users and has a set of local user attributes. You
can configure local user attributes for a user group to implement centralized management of user
attributes for the local users in the group. Currently, you can configure password control attributes and
authorization attributes for a user group.
By default, every newly added local user belongs to the user group of system and bears all attributes of
the group. User group system is automatically created by the device.
Follow these steps to configure the attributes for a user group:
To do...
Enter system view
Create a user group and enter user
group view
Configure the authorization attributes
for the user group

Tearing down User Connections Forcibly

Follow these steps to tear down user connections forcibly:
To do...
Enter system view
Use the command...
system-view
user-group group-name
authorization-attribute { acl
acl-number |
callback-number
callback-number | idle-cut
minute | level level |
user-profile profile-name |
vlan vlan-id | work-directory
directory-name } *
Use the command...
system-view
1-21
Remarks
—
Required
Optional
By default, no
authorization attribute is
configured for a user
group.
Remarks
—