R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

151

152

153

154

155

156

157

158

159

160

143

To do… Use the command…

Remarks

Configure the

authorization attributes

for the local user

authorization-attribute { acl

acl-number |

callback-number

callback-number | idle-cut

minute | level level |

user-profile profile-name |

vlan vlan-id | work-directory

directory-name } *

Optional

By default, no authorization attribute is

configured for a local user.

acl, idle-cut, user-profile, and vlan are supported

for LAN users; level is supported for SSH, Telnet,

and terminal users; level and work-directory are

supported for FTP users; no binding attribute is

supported for other types of local users.

Set the expiration time of

the local user

expiration-date time

Optional

Not set by default

Specify the user group for

the local user

group group-name

Optional

By default, a local user belongs to the default user

group system.

NOTE:

• If you configure the local-user password-display-mode cipher-force command, all existin

local user

passwords will be displayed in cipher text, regardless of the configuration of the password command.

If you also save the configuration and restart the LB module, all existing local user passwords will always

be displayed in cipher text, no matter how you configure the local-user password-display-mode

command or the password command. The passwords configured after you restore the display mode to

auto by using the local-user password-display-mode auto command, however, are displayed as

defined by the password command.

• The access-limit command confi

ured for a local user takes effect only when local accountin

is used.

• With an authentication method that requires the username and password, includin

local authentication

and RADIUS authentication, the commands that a login user can use after logging in depend on the

level of the user. With other authentication methods, which commands are available depends on the

level of the user interface. For an SSH user usin

public key authentication, the commands that can be

used depend on the level configured on the user interface. For more information about authentication

method and commands accessible to user interfaces, see

System Management Configuration Guide.

Configuring user group attributes

User groups simplify local user configuration and management. A user group comprises a group of local

users and has a set of local user attributes. You can configure local user attributes for a user group to

implement centralized user attributes management for the local users in the group. Configurable user

attributes include authorization attributes.

By default, every newly added local user belongs to the system default user group system and bears all

attributes of the group. User group system is automatically created by the LB module.

Follow these steps to configure the attributes for a user group:

To do… Use the command…

Remarks

Enter system view system-view —

Create a user group and enter

user group view

user-group group-name Required