HP VSR1000 Security Configuration Manual page 29

User group—Each local user belongs to a local user group and has all attributes of the group. The
•
attributes include the password control attributes and authorization attributes. For more information
about local user group, see
Binding attributes—Binding attributes control the scope of users, and are checked during local
•
authentication of a user. If the attributes of a user do not match the binding attributes configured for
the local user account, the user cannot pass authentication. Binding attributes include the ISDN
calling number, IP address, access port, MAC address, and native VLAN. For support and usage
information about binding attributes, see
Authorization attributes—Authorization attributes indicate the user's rights after it passes local
•
authentication. Authorization attributes include the ACL, PPP callback number, idle cut function, user
role, VLAN, and FTP/SFTP/SCP working directory. For support information about authorization
attributes, see
Configure the authorization attributes based on the service type of local users. For example, you
do not need to configure the FTP/SFTP/SCP working directory attribute for a PPP user.
You can configure an authorization attribute in user group view or local user view. The setting of
an authorization attribute in local user view takes precedence over the attribute setting in user
group view.
The attribute configured in user group view takes effect on all local users in the user group.
The attribute configured in local user view takes effect only on the local user.
Password control attributes—Password control attributes help control password security for device
•
management users. Password control attributes include password aging time, minimum password
length, password composition checking, password complexity checking, and login attempt limit.
You can configure a password control attribute in system view, user group view, or local user view.
A password control attribute with a smaller effective range has a higher priority. For more
information about password management and global password configuration, see
password
Local user configuration task list
Tasks at a glance
(Required.)
(Optional.)
(Optional.)
Configuring local user attributes
When you configure local user attributes, follow these guidelines:
When you use the password-control enable command to globally enable the password control
•
feature, local user passwords are not displayed.
You can configure authorization attributes and password control attributes in local user view or user
•
group view. The setting in local user view takes precedence over the setting in user group view.
To configure local user attributes:
Step
Enter system view.
1.
2. Add a local user and enter
local user view.
"Configuring user group
"Configuring local user
control."
Configuring local user attributes
Configuring user group attributes
Displaying and maintaining local users and local user groups
Command
system-view
local-user user-name [ class
{ manage | network } ]
attributes."
"Configuring local user
attributes."
19
attributes."
Remarks
N/A
By default, no local user exists.
"Configuring