HP 6125G Configuration Manual page 28

Step
9. Configure the authorization
attributes for the local user.
10. Set the validity time of the
local user.
11. Set the expiration time of the
local user.
12. Assign the local user to a user
group.
For more information about password control configuration commands, see Security Command
•
Reference.
If the user interface authentication mode (set by the authentication-mode command in user
•
interface view) is AAA (scheme), which commands a login user can use after login depends on the
privilege level authorized to the user. If the user interface authentication mode is password
(password) or no authentication (none), which commands a login user can use after login depends
on the level configured for the user interface (set by the user privilege level command in user
interface view). For an SSH user using public key authentication, which commands are available
depends on the level configured for the user interface. For more information about user interface
authentication mode and user interface command level, see Fundamentals Configuration Guide.
You can configure the user profile authorization attribute in local user view, user group view, and ISP
•
domain view. The setting in local user view has the highest priority, and that in ISP domain view has
the lowest priority. For more information about user profiles, see
You cannot delete a local user who is the only security log manager in the system, nor can you
•
change or delete the security log manager role of the user. To do so, you must specify a new security
log manager first.
Configuring user group attributes
User groups simplify local user configuration and management. A user group consists of a group of local
users and has a set of local user attributes. You can configure local user attributes for a user group to
implement centralized user attributes management for the local users in the group. Configurable user
attributes include password control attributes and authorization attributes.
Command
authorization-attribute { acl
acl-number | dle-cut minute |
level level | user-profile
profile-name | user-role { guest
| guest-manager |
security-audit } | vlan vlan-id |
work-directory
directory-name } *
validity-date time
expiration-date time
group group-name
18
Remarks
Optional.
By default, no authorization
attribute is configured for a local
user.
For LAN users, only acl, idle-cut,
user-profile, and vlan are
supported.
For SSH, terminal, and Web users,
only level is supported.
For FTP users, only level and
work-directory are supported.
For Telnet users, only level and
user-role is supported.
For other types of local users, no
binding attribute is supported.
Optional.
Not set by default.
Optional.
Not set by default.
Optional.
By default, a local user belongs to
the default user group system.
"Configuring a user profile."