R3303-HP HSR6800 Routers Security Configuration Guide

Password control attributes.
Password control attributes help you control the security of local users' passwords. Password
control attributes include password aging time, minimum password length, and password
composition policy.
You can configure a password control attribute in system view, user group view, or local user view,
making the attribute effective for all local users, all local users in a group, or only the local user. A
password control attribute with a smaller effective range has a higher priority. For more
information about password management and global password configuration, see "Configuring
password control." For more information about password control commands, see Security
Command Reference.
Binding attributes.
Binding attributes are used for controlling the scope of users. They are checked during local
authentication of a user. If the attributes of a user do not match the binding attributes configured for
the local user account, the user cannot pass authentication. Binding attributes include the ISDN
calling number, IP address, access port, MAC address, and native VLAN.
Authorization attributes.
Authorization attributes indicate the rights that a user has after passing local authentication.
Authorization attributes include the ACL, PPP callback number, idle cut function, user level, user
role, user profile, VLAN, and FTP/SFTP work directory. For more information about authorization
attributes, see "Configuring local user attributes."
Every configurable authorization attribute has its definite application environments and purposes.
When you configure authorization attributes for a local user, consider which attributes are needed
and which are not. For example, for PPP users, you do not need to configure the work directory
attribute.
You can configure an authorization attribute in user group view or local user view to make the
attribute effective for all local users in the group or for only the local user. The setting of an
authorization attribute in local user view takes precedence over that in user group view.
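
The precedence rules described above (password control attributes: local user view over user group view over system view; authorization attributes: local user view over user group view) and the binding attribute check can be modeled as follows. This is an added example, not HP code or device configuration; all class, function, and attribute names and all sample values are constructed for illustration. It also reports local overrides that leave a user with a weaker password policy than the system-wide setting.

```python
# Added example: a model of the precedence rules, not Comware code.
# Every name and sample value below is constructed for illustration.
from dataclasses import dataclass, field

PASSWORD_ATTRS = ("aging_days", "min_length", "composition_types")
# How to tell that an effective value is weaker than the system-wide one.
WEAKER = {"aging_days": lambda eff, sys: eff > sys,
          "min_length": lambda eff, sys: eff < sys,
          "composition_types": lambda eff, sys: eff < sys}

@dataclass
class Scope:                      # system view or user group view
    password: dict = field(default_factory=dict)
    authz: dict = field(default_factory=dict)

@dataclass
class LocalUser(Scope):           # local user view
    name: str = ""
    group: str = ""
    binding: dict = field(default_factory=dict)

def effective_password_policy(user, groups, system):
    """Smaller effective range wins: local user > user group > system."""
    layers = (user.password, groups[user.group].password, system.password)
    return {a: next((l[a] for l in layers if a in l), None)
            for a in PASSWORD_ATTRS}

def effective_authz(user, groups):
    """Local user view takes precedence over user group view."""
    return {**groups[user.group].authz, **user.authz}

def binding_ok(user, session):
    """Local authentication fails unless every configured binding matches."""
    return all(session.get(k) == v for k, v in user.binding.items())

def weaker_than_system(user, groups, system):
    """Attributes where a narrower-scope override weakens the system value."""
    eff = effective_password_policy(user, groups, system)
    return [a for a in PASSWORD_ATTRS
            if a in system.password and WEAKER[a](eff[a], system.password[a])]

SYSTEM = Scope(password={"aging_days": 90, "min_length": 10, "composition_types": 2})
GROUPS = {"ops": Scope(password={"min_length": 12}, authz={"level": 1, "idle_cut_min": 10})}
ALICE = LocalUser(name="alice", group="ops", password={"min_length": 6, "aging_days": 365},
                  authz={"level": 3}, binding={"ip": "192.0.2.10", "vlan": 20})
BOB = LocalUser(name="bob", group="ops")

if __name__ == "__main__":
    for u in (ALICE, BOB):
        print(u.name, effective_password_policy(u, GROUPS, SYSTEM),
              effective_authz(u, GROUPS), weaker_than_system(u, GROUPS, SYSTEM))
```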
Local user configuration task list
Task                                                           Remarks
Configuring local user attributes                              Required.
Configuring user group attributes                              Optional.
Displaying and maintaining local users and local user groups   Optional.
Configuring local user attributes
Follow these guidelines when you configure local user attributes:
When the password control feature is enabled globally by using the password-control enable
command, local user passwords are not displayed, and the password hash cipher command does
not take effect.
If the user interface authentication mode set by the authentication-mode command in user interface
view is AAA (scheme), which commands a login user can use after login depends on the privilege
level authorized to the user. If the user interface authentication mode is password (password) or no
authentication (none), which commands a login user can use after login depends on the level
configured for the user interface by using the user privilege level command in user interface view.
For an SSH user using public key authentication, which commands are available depends on the