HP MSR2000/3000/4000 Router Series Fundamentals Configuration Guide

Assigning user roles to non-AAA authentication users on user lines
Specify user roles for the following two types of login users on the user lines:
• Users that use password authentication or no authentication.
• SSH clients that use publickey or password-publickey authentication. User roles assigned to these SSH clients are specified in their respective local management user accounts.
For more information about user lines, see "Login overview" and "Logging in to the CLI." For more
information about SSH, see Security Configuration Guide.
To assign a user role to non-AAA authentication users on a user line:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter user line view.
    Command: line { first-num1 [ last-num1 ] | { aux | console | tty | vty } first-num2 [ last-num2 ] }
    Remarks: N/A

Step 3. Specify a user role on the user line.
    Command: user-role role-name
    Remarks: Repeat this step to specify up to 64 user roles on a user line.
    By default, network-admin is specified on the console/AUX user line, and network-operator is specified on any other user line.
    The device does not assign the security-audit user role to the users who are logged in to the device through the current user line.
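The following audit sketch is an added example, not part of the HP guide. It lists the roles that each non-AAA user line hands to every user who logs in through it, applying the defaults above when no user-role command is present. Assumptions: the sample configuration is constructed; the authentication-mode line-view command (none, password, scheme) is not described on this page; line blocks use the named form only ("con" is accepted as well as "console"), with indented sub-commands; a line with no authentication-mode is treated as non-AAA.

```python
import re

# Defaults stated in the Remarks for step 3 of the procedure.
ADMIN_DEFAULT_TYPES = {"console", "con", "aux"}
HEADER = re.compile(r"^line (aux|con|console|tty|vty) (\d+)(?: (\d+))?\s*$")

# Constructed sample; not taken from a real device.
SAMPLE_CONFIG = """\
line aux 0
 authentication-mode password
line con 0
 authentication-mode scheme
 user-role network-admin
line vty 0 4
 authentication-mode password
 user-role network-admin
 user-role network-operator
line vty 5 63
 authentication-mode none
#
"""

def audit_user_lines(config):
    """Return (line, auth_mode, roles, grants_admin) for each non-AAA user line."""
    blocks, current = [], None
    for raw in config.splitlines():
        m = HEADER.match(raw)
        if m:
            current = {"name": raw.strip(), "type": m.group(1), "mode": "unset", "roles": []}
            blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            words = raw.split()
            if words[:1] == ["authentication-mode"] and len(words) > 1:
                current["mode"] = words[1]
            elif words[:1] == ["user-role"] and len(words) > 1:
                current["roles"].append(words[1])
        else:
            current = None  # any unindented line closes the block
    findings = []
    for b in blocks:
        if b["mode"] == "scheme":
            continue  # AAA or the local account decides the roles, not the line
        default = "network-admin" if b["type"] in ADMIN_DEFAULT_TYPES else "network-operator"
        roles = sorted(set(b["roles"])) or [default]  # fall back to the documented default
        findings.append((b["name"], b["mode"], roles, "network-admin" in roles))
    return findings

if __name__ == "__main__":
    for name, mode, roles, admin in audit_user_lines(SAMPLE_CONFIG):
        print(f"{'REVIEW' if admin else 'ok':6} {name:12} auth={mode:8} roles={','.join(roles)}")
```

Lines flagged REVIEW give network-admin to anyone who passes the line's password or no-authentication check, so they are the ones to compare against the intended access policy.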
Configuring temporary user role authorization
Temporary user role authorization allows you to obtain a temporary user role without reconnecting to the
device. This function is useful when you want to use a user role temporarily to configure a feature.
Temporary user role authorization is effective only on the current login. It does not change the user role
settings in the user account that you logged in with. The next time you log in with the
user account, the original user role settings take effect.
Configuration guidelines
• To enable users to obtain temporary user role authorization, you must configure user role authentication. Table 7 describes the available authentication modes and configuration requirements.
• If no password is configured for a user role in local password authentication, a console or AUX user can obtain the user role by either entering a string or not entering anything.
• Local password authentication is available for all user roles, but remote AAA authentication is available only for level-n user roles.