HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide
6. Select a privilege level.
A privilege level corresponds to the default command set that a user can use after login. Users
cannot view or execute commands that are not in the command set. Privilege levels vary by
vendor. HP recommends that you consult the configuration guide of the device and select a
privilege level from privilege levels 0 through 15 provided by TAM.
7. Enter the idle time.
If a user does not perform any operation within the idle time, the user is forced to log out.
8. Enter the timeout.
The timeout is the duration that a user can manage the device. When the timeout is reached, the user is forced to log out.
9. Enter the command to be automatically executed.
The command is automatically executed after user login. Only one command is supported.
10. Click Add Attribute.
A text box appears. Enter a custom attribute. For example, enter ftp-directory=flash:/ if you
want the user to use the default directory flash:/ after logging in to the device through FTP.
To delete the configured attribute, click Delete. To add another attribute, click Add Attribute
again. You can add up to five attributes. Custom attributes vary by vendor. For more
information, see the configuration guide of the device.
11. Enter a description for the shell profile to aid maintenance.
12. Click OK.
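An added example (not from the HP guide or from TAM itself): a pre-check of a shell profile against the limits in the steps above (privilege levels 0 through 15, one automatically executed command, up to five custom attributes), rendered as TACACS+ attribute-value pairs. The names ShellProfile, validate and to_av_pairs are hypothetical, the attribute names priv-lvl, idletime, timeout and autocmd are assumed from RFC 8907, and the sample values are constructed.

```python
# Added example, not HP code. ShellProfile, validate and to_av_pairs are
# hypothetical names; the AV-pair names assume RFC 8907 shell attributes.
from dataclasses import dataclass, field
from typing import List, Optional

MAX_CUSTOM_ATTRIBUTES = 5  # the guide allows up to five custom attributes

@dataclass
class ShellProfile:
    name: str
    privilege_level: int
    idle_time: Optional[int] = None
    timeout: Optional[int] = None
    auto_command: Optional[str] = None
    custom_attributes: List[str] = field(default_factory=list)

def validate(profile):
    """Return a list of problems; an empty list means the profile is acceptable."""
    problems = []
    if profile.privilege_level not in range(0, 16):
        problems.append("privilege level must be 0 through 15")
    for label, value in (("idle time", profile.idle_time), ("timeout", profile.timeout)):
        if value is not None and value < 0:
            problems.append(f"{label} must not be negative")
    if profile.auto_command and any(c in profile.auto_command for c in "\r\n"):
        problems.append("only one automatically executed command is supported")
    if len(profile.custom_attributes) > MAX_CUSTOM_ATTRIBUTES:
        problems.append("at most five custom attributes are allowed")
    for attr in profile.custom_attributes:
        name, sep, _value = attr.partition("=")
        if not sep or not name.strip():
            problems.append(f"custom attribute {attr!r} is not in name=value form")
    return problems

def to_av_pairs(profile):
    """Render a valid profile as attribute=value strings; raise ValueError otherwise."""
    problems = validate(profile)
    if problems:
        raise ValueError("; ".join(problems))
    pairs = [f"priv-lvl={profile.privilege_level}"]
    for key, value in (("idletime", profile.idle_time), ("timeout", profile.timeout),
                       ("autocmd", profile.auto_command)):
        if value is not None:
            pairs.append(f"{key}={value}")
    return pairs + list(profile.custom_attributes)

# Constructed sample profile using the guide's ftp-directory example.
SAMPLE = ShellProfile("ops-readonly", 1, idle_time=10, timeout=60,
                      auto_command="display version", custom_attributes=["ftp-directory=flash:/"])
```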
Deleting a shell profile
You cannot delete a shell profile that is being used by an authorization policy. To delete the shell profile,
remove the association between the shell profile and the authorization policy.
To delete a shell profile:
1. Click the Service tab.
2. Select TACACS+ AuthN Manager > Authorization Command > Shell Profiles from the navigation
tree.
The Shell Profile List displays all shell profiles.
3. Click the Delete icon for the shell profile you want to delete.
A confirmation dialog box appears.
4. Click OK.
Command set
A command set defines which commands device users can and cannot execute.
To implement command set control on login users, configure a command set on the TAM server and
enable command authorization on the device.
After a device user logs in to the device, the user sends a request to the TAM server every time the user
executes a command. The TAM server determines whether the user can execute the command according
to the command set defined in the authorization policy and notifies the device whether the user can
execute the command or not.
When a command set works together with an authorized time range to control device users, the
command execution time applies. When a device user executes a command, the TAM server determines