R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

171

172

173

174

175

176

177

178

179

180

166

Configuring local user attributes

Follow these guidelines when you configure the local user attributes:

• On a firewall supporting the password control feature, local user passwords are not displayed, and

the local-user password-display-mode command is not effective.

• If you configure the local-user password-display-mode cipher-force command, all existing local

user passwords are displayed in cipher text, regardless of the configuration of the password

command. If you also save the configuration and restart the firewall, all existing local user

passwords are always displayed in cipher text, no matter how you configure the local-user

password-display-mode command or the password command. The passwords configured after

you restore the display mode to auto by using the local-user password-display-mode auto

command, however, are displayed as defined by the password command.

• The access-limit command configured for a local user takes effect only in the case of local

accounting.

• If the user interface authentication mode (set by the authentication-mode command in user

interface view) is AAA (scheme), which commands a login user can use after login depends on the

privilege level authorized to the user. If the user interface authentication mode is password

(password) or no authentication (none), which commands a login user can use after login depends

on the level configured for the user interface (set by the user privilege level command in user

interface view). For an SSH user using public key authentication, which commands are available

depends on the level configured for the user interface. For more information about user interface

authentication mode and user interface command level, see Getting Started Guide.

• You can configure the user profile authorization attribute in both local user view and ISP domain

view. The setting in local user view takes precedence.

To configure attributes for a local user:

Step Command Remarks

1. Enter system view. system-view N/A

2. Set the password display

mode for all local users.

local-user password-display-mode

{ auto | cipher-force }

Optional.

The default password display

mode is auto for all local users,

indicating to display the

password of a local user in the

way defined by the password

command.

3. Add a local user and enter

local user view.

local-user user-name N/A