R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
The types of the services that the user can use. Local authentication checks the service types of a local user.
If none of the service types is available, the user cannot pass authentication.
Service types include FTP, LAN access, SSH, Telnet and Terminal.
• User state
Indicates whether or not a local user can request network services. There are two user states: active and
blocked. A user in the active state can request network services, but a user in the blocked state cannot.
• Maximum number of users using the same local user account
Indicates how many users can use the same local user account for local authentication.
• Expiration time
A user must use a valid local user account to pass local authentication. When some users need to access
the network temporarily, you can create a guest account and specify an expiration time for the account
to control the validity of the account.
• User group
Each local user belongs to a local user group and bears all attributes of the group, such as the password
control attributes and authorization attributes. For more information about local user groups,
see "Configuring user group attributes."
• Password control attributes
Password control attributes help you control the security of local users’ passwords. Password control
attributes include password aging time, minimum password length, and password composition policy.
You can configure a password control attribute in system view, user group view, or local user view,
making the attribute effective for all local users, all local users in a group, or only the local user. A
password control attribute with a smaller effective range has a higher priority.
• Binding attributes
Binding attributes are used for controlling the scope of users. They are checked during local
authentication of a user. If the attributes of a user do not match the binding attributes configured for the
local user account, the user cannot pass authentication. Binding attributes include the ISDN calling
number, IP address, access port, MAC address, and native VLAN. Be cautious when deciding which
binding attributes to configure for a local user.
• Authorization attributes
Authorization attributes indicate the rights that a user has after passing local authentication.
Authorization attributes include the ACL, idle cut function, user level, user role, user profile, VLAN, and
FTP/SFTP work directory.
Each configurable authorization attribute applies to specific environments and purposes. When
configuring authorization attributes for a local user, consider which attributes are needed and which are
not. For example, for PPP users, you do not need to configure the work directory attribute.
You can configure an authorization attribute in user group view or local user view to make the attribute
effective for all local users in the group or for only the local user. The setting of an authorization attribute
in local user view takes precedence over that in user group view.
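The checks and precedence rules described above, modeled in Python as an added example (not code from this guide or from the device). The field names, the sample values, the group and system settings, and the order in which the checks run are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Constructed values for illustration, not device defaults.
SYSTEM_PWD = {"aging_days": 90, "min_length": 10}
GROUPS = {"guests": {"pwd": {"aging_days": 7},
                     "authz": {"level": 0, "idle_cut_min": 5}}}

@dataclass
class LocalUser:
    name: str
    group: str
    service_types: set
    state: str = "active"                # "active" or "blocked"
    access_limit: Optional[int] = None   # max users sharing this account
    expires: Optional[datetime] = None
    bind: dict = field(default_factory=dict)   # e.g. ip, mac, vlan
    pwd: dict = field(default_factory=dict)    # local user view overrides
    authz: dict = field(default_factory=dict)

def effective_password_control(user):
    # Smaller effective range wins: local user > user group > system.
    return {**SYSTEM_PWD, **GROUPS[user.group]["pwd"], **user.pwd}

def effective_authorization(user):
    # Local user view takes precedence over user group view.
    return {**GROUPS[user.group]["authz"], **user.authz}

def local_auth_check(user, service, attrs, now, sessions=0):
    """Return (allowed, reason). Check order is an assumption."""
    if service not in user.service_types:
        return False, "service type not available"
    if user.state != "active":
        return False, "user blocked"
    if user.expires is not None and now >= user.expires:
        return False, "account expired"
    if user.access_limit is not None and sessions >= user.access_limit:
        return False, "maximum number of users reached"
    for key, want in user.bind.items():
        if attrs.get(key) != want:
            return False, "binding attribute mismatch: " + key
    return True, "ok"

# Constructed guest account.
GUEST = LocalUser("guest1", "guests", {"ssh", "telnet"}, access_limit=2,
                  expires=datetime(2024, 1, 31), bind={"ip": "192.0.2.10"},
                  pwd={"min_length": 12}, authz={"idle_cut_min": 10})
```

Running the model over an export of planned accounts shows which setting actually applies to each user before the attributes are entered on the device.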
Follow these steps to configure the attributes for a local user:
To do…               Use the command…     Remarks
Enter system view    system-view          —