R2511-HP MSR Router Series Security Configuration Guide(V5)
| Step | Command | Remarks |
|---|---|---|
| 12. Assign the local user to a user group. | group group-name | Optional. By default, a local user belongs to the default user group system. |

Configuring user group attributes
User groups simplify local user configuration and management. A user group comprises a group of local
users and has a set of local user attributes. You can configure local user attributes for a user group to
implement centralized user attributes management for the local users in the group. Configurable user
attributes include password control attributes and authorization attributes.
By default, every newly added local user belongs to the default user group system and bears all attributes
of the group. To assign a local user to a different user group, use the user-group command in local user
view.
To configure attributes for a user group:
| Step | Command | Remarks |
|---|---|---|
| 13. Enter system view. | system-view | N/A |
| 14. Create a user group and enter user group view. | user-group group-name | N/A |
| 15. Configure password control attributes for the user group. | Set the password aging time: password-control aging aging-time. Set the minimum password length: password-control length length. Configure the password composition policy: password-control composition type-number type-number [ type-length type-length ] | Optional. By default, the user group uses the following global settings: a 90-day password aging time; a minimum password length of 10 characters; in non-FIPS mode, at least one character type and at least one character for each type; in FIPS mode, four character types and at least one character for each type. In FIPS mode, the value for the type-number argument must be 4. For more information about the password control attribute commands, see Security Command Reference. |
| 16. Configure authorization attributes for the user group. | authorization-attribute { acl acl-number \| callback-number callback-number \| idle-cut minute \| level level \| user-profile profile-name \| vlan vlan-id \| work-directory directory-name } * | Optional. By default, no authorization attribute is configured for a user group. |
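
The following is an added example, not part of the HP guide: a Python check that reads the user-group sections of a saved configuration and reports password-control overrides weaker than the global defaults listed in the table. The sample configuration is constructed; its layout (one-space indent inside a view, "#" between views) and the group names helpdesk and netadmin are assumptions.

```python
import re

# Global defaults stated in this guide: 90-day aging, 10-character minimum.
DEFAULT_AGING, DEFAULT_LENGTH = 90, 10

# Constructed sample in the style of saved-configuration output (assumed layout:
# one-space indent inside a view, "#" between views).
SAMPLE_CONFIG = """\
#
user-group system
#
user-group helpdesk
 password-control aging 180
 password-control length 6
 password-control composition type-number 2 type-length 1
 authorization-attribute level 1
#
user-group netadmin
 password-control aging 30
 password-control length 12
 password-control composition type-number 4 type-length 2
#
"""

SETTING = re.compile(r"\s+password-control (aging|length|composition type-number) (\d+)")

def parse_user_groups(config):
    """Map each user group name to the password-control values it overrides."""
    groups, current = {}, None
    for line in config.splitlines():
        head = re.match(r"user-group (\S+)\s*$", line)
        if head:
            current = groups.setdefault(head.group(1), {})
        elif not line.startswith(" "):
            current = None  # "#" or another top-level command leaves the view
        elif current is not None and (m := SETTING.match(line)):
            current[m.group(1).split()[-1]] = int(m.group(2))
    return groups

def audit(config, fips_mode=False):
    """Return (group, finding) pairs for overrides weaker than the defaults."""
    findings = []
    for name, attrs in parse_user_groups(config).items():
        if attrs.get("aging", DEFAULT_AGING) > DEFAULT_AGING:
            findings.append((name, "aging time longer than 90 days"))
        if attrs.get("length", DEFAULT_LENGTH) < DEFAULT_LENGTH:
            findings.append((name, "minimum length below 10 characters"))
        if fips_mode and attrs.get("type-number", 4) != 4:
            findings.append((name, "FIPS mode requires type-number 4"))
    return findings
```

A group with no overrides, such as the default group system in the sample, inherits the global settings and produces no finding.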










