HP 6125XLG Configuration Manual page 28

Binding attributes are used for controlling the scope of users. They are checked during local
authentication of a user. If the attributes of a user do not match the binding attributes configured for
the local user account, the user cannot pass authentication. Binding attributes include IP address,
access port, MAC address, and native VLAN. For support and usage information about binding
attributes, see
• Authorization attributes.
Authorization attributes indicate the rights that a user has after passing local authentication.
Authorization attributes include the ACL, idle cut function, user role, VLAN, and FTP/SFTP work
directory. For support information about authorization attributes, see
attributes."
Every configurable authorization attribute has its definite application environments and purposes.
When you configure authorization attributes for a local user, consider which attributes are needed
and which are not.
You can configure an authorization attribute in user group view or local user view to make the
attribute effective for all local users in the group or for only the local user. The setting of an
authorization attribute in local user view takes precedence over that in user group view.
Password control attributes.
•
Password control attributes help control password security for device management users.
Password control attributes include password aging time, minimum password length, and
password composition policy.
You can configure a password control attribute in system view, user group view, or local user view,
making the attribute effective for all local users, local users in a group, or only the local user. A
password control attribute with a smaller effective range has a higher priority. For more
information about password management and global password configuration, see
password
Local user configuration task list
Tasks at a glance
(Required.)
(Optional.)
(Optional.)
Configuring local user attributes
Follow these guidelines when you configure local user attributes:
When the password control feature is globally enabled by using the password-control enable
•
command, local user passwords are not displayed.
The authentication mode of user interfaces is set by the authentication-mode command in user
•
interface view and affects the commands available for login users. In AAA (scheme) mode, the
authorized user role determines the commands available for each login user. In password
(password) or no authentication (none) mode, the user role of respective user interfaces determines
the commands available for the login users. The user role of respective user interfaces also
determines the commands available for the public key authenticated SSH users. For more
information about the authentication mode and user roles for user interfaces, see Fundamentals
Configuration Guide.
• You can configure authorization attributes and password control attributes in local user view or user
group view. The setting in local user view takes precedence.
"Configuring local user
control."
Configuring local user attributes
Configuring user group attributes
Displaying and maintaining local users and local user groups
attributes."
19
"Configuring local user
"Configuring