R3303-HP HSR6800 Routers Security Command Reference
20
authorization login
Use authorization login to configure the authorization method for login users through the console, AUX,
or Asyn port, Telnet, or FTP.
Use undo authorization login to restore the default.
Syntax
authorization login { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme
radius-scheme-name [ local ] }
undo authorization login
Default
The default authorization method for the ISP domain is used for login users.
Views
ISP domain view
Default command level
2: System level
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a
case-insensitive string of 1 to 32 characters.
local: Performs local authorization.
none: Does not perform any authorization exchange. After passing authentication, FTP users can access
the root directory of the device, and other login users can access only the commands of Level 0.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive string of
1 to 32 characters.
Usage guidelines
The specified RADIUS or HWTACACS scheme must have been configured.
The RADIUS authorization configuration takes effect only when the authentication method and
authorization method of the ISP domain use the same RADIUS scheme.
Examples
# Configure ISP domain test to use local authorization for login users.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization login local
# Configure ISP domain test to use RADIUS authorization scheme rd for login users and use local
authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization login radius-scheme rd local
Related commands
• local-user
• authorization default