Configuring Temporary User Role Authorization; Configuration Guidelines - HPE FlexFabric 5940 Series Configuration Manual

Fundamentals configuration guide

SSH clients that use publickey or password-publickey authentication. User roles assigned to
these SSH clients are specified in their respective device management user accounts.
For more information about user lines, see "Login overview" and "Configuring CLI login." For more
information about SSH, see Security Configuration Guide.

To assign a user role to non-AAA authentication users on a user line:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter user line view or user line class view.
   Command:
     Enter user line view:
       line { first-num1 [ last-num1 ] | { aux | vty } first-num2 [ last-num2 ] }
     Enter user line class view:
       line class { aux | vty }
   Remarks: For information about the priority order and application scope of the
   settings in user line view and user line class view, see "Configuring CLI login."

3. Specify a user role on the user line.
   Command: user-role role-name
   Remarks: Repeat this step to specify a maximum of 64 user roles on a user line.
   By default, the network-admin user role is specified on the AUX user line,
   and the network-operator user role is specified on any other user line.
   The device cannot assign the security-audit user role to non-AAA
   authentication users.

Configuring temporary user role authorization

Temporary user role authorization allows you to obtain another user role without reconnecting to the
device. This feature is useful when you want to use a user role temporarily to configure a feature.
Temporary user role authorization is effective only on the current login. This feature does not change
the user role settings in the user account that you have been logged in with. The next time you are
logged in with the user account, the original user role settings take effect.

Configuration guidelines

When you configure temporary user role authorization, follow these guidelines:
- To enable a user to obtain another user role without reconnecting to the device, you must
  configure user role authentication. Table 9 describes the available authentication modes and
  configuration requirements.
- If HWTACACS authentication is used, the following rules apply:
  - The device uses the entered username and password to request role authentication, and it
    sends the username to the server in the username or username@domain-name format.
    Whether the domain name is included in the username depends on the user-name-format
    command in the HWTACACS scheme.
  - To obtain a level-n user role, the user account on the server must have the target user role
    level or a level higher than the target user role. A user account that obtains the level-n user
    role can obtain any user role among level 0 through level-n.
  - To obtain a non-level-n user role, make sure the user account on the server meets the
    following requirements:
    − The account has a user privilege level.
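
An added example, not taken from the HPE manual: a small Python audit that reads user line stanzas from a saved configuration and reports which user roles non-AAA logins would receive, applying the 64-role limit, the AUX and non-AUX defaults, and the security-audit restriction given earlier on this page. The stanza layout of the sample, the `authentication-mode` lines, and the treatment of `scheme` as AAA-assigned roles are assumptions.

```python
import re
# Constructed sample; stanza layout and authentication-mode lines are assumed.
SAMPLE = """\
line aux 0
 user-role network-admin
#
line vty 0 4
 authentication-mode password
 user-role network-admin
#
line vty 5 63
 authentication-mode scheme
 user-role network-admin
#
"""

def parse_lines(text):
    """Map each 'line ...' stanza header to its auth mode and user roles."""
    stanzas, cur = {}, None
    for raw in text.splitlines():
        if re.match(r"line\s+(class\s+)?(aux|vty)\b", raw):
            cur = stanzas.setdefault(raw.strip(), {"auth": None, "roles": []})
        elif not raw.startswith(" "):
            cur = None  # "#" separator or another top-level section
        elif cur is not None:
            key, _, val = raw.strip().partition(" ")
            if key == "user-role":
                cur["roles"].append(val)
            elif key == "authentication-mode":
                cur["auth"] = val
    return stanzas

def audit(text):
    """Return (stanza, finding) pairs; missing roles fall back to page defaults."""
    findings = []
    for head, s in parse_lines(text).items():
        if s["auth"] == "scheme":
            continue  # assumption: scheme (AAA) logins take roles from AAA
        is_aux = "aux" in head.split()
        roles = s["roles"] or ["network-admin" if is_aux else "network-operator"]
        if not is_aux and "network-admin" in roles:
            findings.append((head, "network-admin for non-AAA users"))
        if "security-audit" in roles:
            findings.append((head, "security-audit not assignable to non-AAA users"))
        if len(roles) > 64:  # documented maximum per user line
            findings.append((head, "more than 64 user roles"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The audit treats each stanza on its own; it does not model the priority order between user line view and user line class view, which the manual covers in "Configuring CLI login."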

This manual is also suitable for:

Flexfabric 5950 series
