Access Security Guide K/KA/KB.15.15

Figure 138 Configuring authorized commands for a group in the correct order
Some commands cause the switch CLI to enter a special context, such as test mode, in which the input
is not processed by the normal CLI. Keyboard input in these contexts is not checked against the command
authorization group. If these special contexts are permitted, the user can proceed outside the control
and logging of the command group configuration.
Configuring a local user for a group
Local manager user logins and authorized command configuration are mutually exclusive with
RADIUS or TACACS authentication and with RADIUS authorization and accounting.
To create a local user, enter this command for the group with the appropriate authorizations.
Syntax:
[no] aaa authentication local-user username group group-name
password <plaintext|sha1 password>
Defines a local user for a defined group.
local-user username
The local user being added to the authorization group. The username can have
a maximum of 16 characters. It must not contain spaces and is case-sensitive.
group group-name
The authorization group the local user belongs to. The group must have been
created already.
password <plaintext|sha1 password>
The plaintext password string can have a maximum of 16 characters. It must
not contain spaces and is case-sensitive.
NOTE: You are not allowed to enter the plaintext password in-line
as part of the command; you will be prompted for it. The password is obscured
when you enter it. This is similar to entering the password for the manager
or operator.
If include-credentials is enabled, displaying the configuration shows the user
passwords as SHA1 hashes. If include-credentials is not enabled, then no password
information is shown.
If a user is assigned to a command group and the group is subsequently deleted,
the user will have operator privileges.
Figure 139 Creating a local user for a group
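The following Python script is an added example, not taken from the guide or from the vendor. It audits a saved configuration for three conditions described above: a local user whose group is not defined (that user falls back to operator privileges), a username longer than 16 characters, and a group that permits a special-context command such as test. The sample configuration is constructed, and the `aaa authorization group ... match-command` line format, the quoted names, and first-match rule ordering are assumptions.

```python
import re

# Constructed sample configuration (not from the guide). The
# "aaa authorization group ... match-command" line format is an assumption.
SAMPLE_CONFIG = '''\
aaa authorization group "Bluegroup" 100 match-command "^show .*" permit log
aaa authorization group "Bluegroup" 200 match-command "^test$" permit
aaa authentication local-user "alice" group "Bluegroup" password sha1 "<hash-placeholder>"
aaa authentication local-user "bob" group "Redgroup" password sha1 "<hash-placeholder>"
aaa authentication local-user "averyveryverylongname" group "Bluegroup" password sha1 "<hash-placeholder>"
'''

GROUP_RE = re.compile(r'^aaa authorization group "?([^"\s]+)"? (\d+) match-command "([^"]*)" (permit|deny)')
USER_RE = re.compile(r'^aaa authentication local-user "?([^"\s]+)"? group "?([^"\s]+)"?')
SPECIAL_CONTEXT_COMMANDS = ("test",)  # the guide's example; extend per platform (assumption)

def audit(config):
    """Return a sorted list of (kind, subject) findings for a config text."""
    groups, users, findings = {}, [], []
    for line in config.splitlines():
        line = line.strip()
        if m := GROUP_RE.match(line):
            groups.setdefault(m[1], []).append((int(m[2]), m[3], m[4]))
        elif m := USER_RE.match(line):
            users.append((m[1], m[2]))
    for name, group in users:
        if group not in groups:          # deleted/undefined group -> operator privileges
            findings.append(("orphaned-user", name))
        if len(name) > 16:               # guide: username max 16 characters
            findings.append(("username-too-long", name))
    for group, rules in groups.items():
        for cmd in SPECIAL_CONTEXT_COMMANDS:
            # Assumption: rules are evaluated in sequence order, first match wins.
            for _, pattern, action in sorted(rules):
                if re.search(pattern, cmd):
                    if action == "permit":
                        findings.append(("special-context-permitted", f"{group}:{cmd}"))
                    break
    return sorted(findings)

if __name__ == "__main__":
    for kind, subject in audit(SAMPLE_CONFIG):
        print(f"{kind}: {subject}")
```
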
Displaying Command Authorization Information
To display information about users and command authorization for command groups, enter this
command.
178 RADIUS Authentication, Authorization, and Accounting