HPE FlexFabric 7900 Series Security Configuration Manual page 24
Hide thumbs
Also See for FlexFabric 7900 Series:
- Layer 3 ip routing command reference (414 pages) ,
- Security configuration manual (323 pages) ,
- Security command reference (320 pages)
Table of Contents
Advertisement
Local user configuration task list
Tasks at a glance
(Required.)
(Optional.)
Configuring user group attributes
(Optional.)
Displaying and maintaining local users and local user groups
Configuring local user attributes
When you configure local user attributes, follow these guidelines:
•
When you use the password-control enable command to globally enable the password
control feature, local user passwords are not displayed.
•
You can configure authorization attributes and password control attributes in local user view or
user group view. The setting in local user view takes precedence over the setting in user group
view.
•
Configure authorization attributes according to the application environments and purposes.
Support for authorization attributes depends on the service types of users.
For Telnet and terminal users, only the authorization attributes idle-cut and user-role are
effective.
For SSH users, only the authorization attributes idle-cut, user-role, and work-directory
are effective.
For FTP users, only the authorization attributes user-role and work-directory are effective.
For other types of local users, no authorization attribute takes effect.
To configure local user attributes:
Step
1.
Enter system view.
2.
Add a local user and enter
local user view.
3.
(Optional.) Configure a
password for the local
user.
4.
Assign services to the
local user.
5.
(Optional.) Place the local
user to the active or
blocked state.
6.
(Optional.) Set the upper
Configuring local user attributes
Command
system-view
local-user user-name [ class
manage ]
•
•
•
•
state { active | block }
access-limit max-user-number
In non-FIPS mode:
password [ { hash | simple }
password ]
In FIPS mode:
password
In non-FIPS mode:
service-type { ftp | { ssh |
telnet | terminal } * }
In FIPS mode:
service-type { ssh | terminal }
*
16
Remarks
N/A
By default, no local user exists.
The password is encrypted with the
hash algorithm and saved in
ciphertext.
In non-FIPS mode, a
non-password-protected user
passes authentication if the user
provides the correct username and
passes attribute checks. To
enhance security, configure a
password for each local user.
In FIPS mode, only
password-protected users can pass
authentication.
By default, no service is authorized
to a local user.
By default, a created local user is in
active state and can request
network services.
By default, the number of concurrent
Advertisement
Table of Contents
Troubleshooting
