Configuring User Group Attributes - 3Com S7906E Configuration Manual

To do...
Configure the authorization
attributes for the local user
Set the expiration time of the local
user
Specify the user group for the local
user
Note that:
With the local-user password-display-mode cipher-force command configured, a local user
password is always displayed in cipher text, regardless of the configuration of the password
command. In this case, if you use the save command to save the configuration, all existing local
user passwords will still be displayed in cipher text after the device restarts, even if you restore the
display mode to auto.
The access-limit command configured for a local user takes effect only when local accounting is
used.
Local authentication checks the service types of a local user. If the service types are not available,
the user cannot pass authentication.
With an authentication method that requires the username and password, including local
authentication, RADIUS authentication, and HWTACACS authentication, the commands that a
login user can use after logging in depend on the level of the user. With other authentication
methods, which commands are available depends on the level of the user interface. For an SSH
user using public key authentication, the commands that can be used depend on the level
configured on the user interface. For details about authentication method and commands
accessible to user interface, refer to Login Configuration in the System Volume.
Binding attributes are checked upon authentication of a local user. If the checking fails, the user
fails the authentication. Therefore, be cautious when deciding which binding attributes should be
configured for a local user.
Every configurable authorization attribute has its definite application environments and purposes.
Therefore, when configuring authorization attributes for a local user, consider what attributes are
needed.

Configuring User Group Attributes

The concept of user group is introduced to simplify local user configuration and manageability. A user
group consists of a group of local users and has a set of local user attributes. You can configure local
user attributes for a user group to implement centralized management of user attributes for the local
users in the group. Currently, you can configure password control attributes and authorization attributes
for a user group.
By default, every newly added local user belongs to a user group named system and bears all attributes
of the group. User group system is automatically created by the device.
Use the command...
authorization-attribute { acl
acl-number | callback-number
callback-number | idle-cut
minute | level level |
user-profile profile-name | vlan
vlan-id | work-directory
directory-name } *
expiration-date time
group group-name
1-22
Remarks
Optional
By default, no authorization
attribute is configured for a
local user.
Optional
Not set by default
Optional
By default, a local user
belongs to the default user
group system.