Configuring Scheme Authentication For Telnet Login - HP 5830 Series Configuration Manual

Configuring scheme authentication for Telnet login

Follow these guidelines when you configure scheme authentication for Telnet login:
To make the command authorization or command accounting function take effect, apply an
•
HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the
authorization server and other authorization parameters.
• If the local authentication scheme is used, use the authorization-attribute level level command in
local user view to set the user privilege level on the device.
If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the
•
RADIUS or HWTACACS server.
To configure scheme authentication for Telnet login:
Step
1. Enter system view.
2. Enable Telnet.
3. Enter one or multiple VTY user
interface views.
4. Enable scheme authentication.
5. Enable command authorization.
Command
system-view
telnet server enable
user-interface vty first-number
[ last-number ]
authentication-mode scheme
command authorization
36
Remarks
N/A
By default, the Telnet service is
enabled.
N/A
By default, local authentication is
used.
If local authentication is used and
the password control function is
enabled, change the password at
the first login. If NTP is being used
for system time synchronization, HP
recommends that you wait 10
minutes before changing the
password, so the configuration time
of the new password is based on
the synchronized system time.
Optional.
By default, command authorization
is disabled. The commands
available for a user only depend on
the user privilege level.
If command authorization is
enabled, a command is available
only if the user has the
commensurate user privilege level
and is authorized to use the
command by the AAA scheme.