Configuring User Role Authentication; Obtaining Temporary User Role Authorization - HP 5130 EI series Configuration Manual

Keywords
scheme local

Configuring user role authentication

Step
1. Enter system view.
2. Set an authentication
mode.
3. (Optional.) Specify
the default target
user role for
temporary user role
authorization.
4. Set a local
authentication
password for a user
role.

Obtaining temporary user role authorization

AUX or VTY users must pass authentication before they can use a user role that is not included in the user
account they are logged in with.
Perform the following task in user view:
Task
Obtain the temporary
authorization to use a
user role.
Authentication mode
Remote AAA authentication
first, and then local
password authentication
(remote-then-local)
Command
system-view
super authentication-mode
{ local | scheme } *
super default role rolename
•
In non-FIPS mode:
super password [ role
rolename ] [ { hash |
simple } password ]
•
In FIPS mode:
super password [ role
rolename ]
Command
super [ rolename ]
Description
Remote AAA authentication is performed first.
Local password authentication is performed in either of the
following situations:
•
The HWTACACS or RADIUS server does not respond.
•
The remote AAA configuration on the device is invalid.
Remarks
N/A
By default, local-only authentication applies.
By default, the default target user role is
network-admin.
Use this step for local password authentication.
By default, no password is configured.
If you do not specify the role rolename option,
the command sets a password for the default
target user role.
Remarks
If you do not specify the rolename argument, you obtain
the default target user role for temporary user role
authorization.
The operation fails after three consecutive unsuccessful
password attempts.
The user role must have the permission to execute the
super command to obtain temporary user role
authorization.
58