HP A5830 Series Configuration Manual page 27

To do...
13. Assign the local user to a user
group.
For more information about relevant commands, see Security Command Reference.
When the password control feature is enabled globally (by using the password-control enable
command), local user passwords are not displayed, and the local-user password-display-mode
command is not effective.
If you configure the local-user password-display-mode cipher-force command, all existing local user
passwords are displayed in cipher text, regardless of the configuration of the password command. If you
also save the configuration and restart the switch, all existing local user passwords are always displayed
in cipher text, no matter how you configure the local-user password-display-mode command or the
password command. The passwords configured after you restore the display mode to auto by using the
local-user password-display-mode auto command, however, are displayed as defined by the password
command.
If the user interface authentication mode (set by the authentication-mode command in user interface
view) is AAA (scheme), the commands that a login user can use after login are determined by the
privilege level authorized to the user. If the user interface authentication mode is password (password) or
no authentication (none), the commands that a login user can use after login are determined by the level
configured for the user interface (set by the user privilege level command in user interface view). For an
SSH user using public key authentication, the commands that are available are determined by the level
configured for the user interface. For more information about user interface authentication mode and
user interface command level, see Fundamentals Configuration Guide.
You can configure the user profile authorization attribute in local user view, user group view, and ISP
domain view. The setting in local user view has the highest priority, and that in ISP domain view has the
lowest priority. For more information about user profiles, see
You cannot delete a local user that is the only security log manager in the system, nor can you change
or delete the security log manager role of the user. To do so, you must first specify a new security log
manager.
Configuring user group attributes
User groups simplify local user configuration and management. A user group consists of a group of local
users and has a set of local user attributes. You can configure local user attributes for a user group to
implement centralized user attributes management for the local users in the group. Configurable user
attributes include password control attributes and authorization attributes.
By default, every newly added local user belongs to the system default user group system and bears all
attributes of the group. To change the user group to which a local user belongs, use the user-group
command in local user view.
To configure attributes for a user group:
To do...
1. Enter system view.
2. Create a user group and enter user
group view.
Use the command...
group group-name
Use the command...
system-view
user-group group-name
19
Remarks
Optional.
By default, a local user belongs to the
default user group system.
"Configuring local users."
Remarks
—
Required.