HP MSR2000 Configuration Manual page 28

Binding attributes—Binding attributes control the scope of users, and are checked during local
•
authentication of a user. If the attributes of a user do not match the binding attributes configured for
the local user account, the user cannot pass authentication. Binding attributes include the ISDN
calling number, IP address, access port, MAC address, and native VLAN. For support and usage
information about binding attributes, see
• Authorization attributes—Authorization attributes indicate the user's rights after it passes local
authentication. Authorization attributes include the ACL, PPP callback number, idle cut function, user
role, VLAN, and FTP/SFTP work directory. For support information about authorization attributes,
see "Configuring local user
Configure the authorization attributes based on the service type of local users. For example, you
need not configure the FTP/SFTP work directory attribute for a PPP user.
You can configure an authorization attribute in user group view or local user view to make the
attribute effective for all local users in the group or for only the local user. The setting of an
authorization attribute in local user view takes precedence over the attribute setting in user group
view.
• Password control attributes—Password control attributes help control password security for device
management users. Password control attributes include password aging time, minimum password
length, password composition checking, password complexity checking, and login attempt limit.
You can configure a password control attribute in system view, user group view, or local user view,
making the attribute effective for all local users, local users in a group, or only the local user. A
password control attribute with a smaller effective range has a higher priority. For more
information about password management and global password configuration, see "Configuring
password control."
Local user configuration task list
Tasks at a glance
(Required.)
(Optional.)
(Optional.)
Configuring local user attributes
Follow these guidelines when you configure local user attributes:
When you use the password-control enable command to globally enable the password control
•
feature, local user passwords are not displayed.
The authentication mode of user interfaces is set by the authentication-mode command and affects
•
access to commands for login users. In AAA (scheme) mode, the authorized user role determines
the commands available for each login user. In password (password) or no authentication (none)
mode, the user role of respective user interfaces determines the commands available for the login
users. The user role of respective user interfaces also determines the commands available for the
public key authenticated SSH users. For more information about the authentication mode and user
roles for user interfaces, see Fundamentals Configuration Guide.
You can configure authorization attributes and password control attributes in local user view or user
•
group view. The setting in local user view takes precedence over the setting in user group view.
To configure local user attributes:
attributes."
Configuring local user attributes
Configuring user group attributes
Displaying and maintaining local users and local user groups
"Configuring local user
17
attributes."