R0106-HP MSR Router Series Security Command Reference(V7)
42
In non-FIPS mode, a non-password-protected user passes authentication if the user provides the correct
username and passes attribute checks. To enhance security, configure a password for each local user. In
FIPS mode, only password-protected users can pass authentication.
Device management users support plaintext and hashed passwords. Network access users support
plaintext and ciphertext passwords. For security purposes, all passwords, including passwords
configured in plain text, are saved in ciphertext, hashed or encrypted.
Examples
# Set the password of the device management user user1 to 123456TESTplat&! in plain text.
<Sysname> system-view
[Sysname] local-user user1 class manage
[Sysname-luser-manage-user1] password simple 123456TESTplat&!
# Set the password of the device management user test in interactive mode.
<Sysname> system-view
[Sysname] local-user test class manage
[Sysname-luser-manage-test] password
Password:
Confirm :
# Set the password of the network access user user2 to 123456TESTu se r&! in plain text.
<Sysname> system-view
[Sysname] local-user user2 class network
[Sysname-luser-network-user2] password simple 123456TESTuser&!
Related commands
• display local-user
• local-user password-display-mode
service-type
Use service-type to specify the service types that a local user can use.
Use undo service-type to delete service types configured for a local user.
Syntax
In non-FIPS mode:
service-type { ftp | lan-access | { ssh | telnet | terminal } * | portal | ppp }
undo service-type { ftp | lan-access | { ssh | telnet | terminal } * | portal | ppp }
In FIPS mode:
service-type { lan-access | { ssh | terminal } * | portal | ppp }
undo service-type { lan-access | { ssh | terminal } * | portal | ppp }
Default
A local user is authorized with no service and cannot use any service.
Views
Local user view