Manualshelf

HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
201202203204205206207208209210
203
Configuring user group attributes
User groups simplify local user configuration and management. A user group comprises a group of local
users and has a set of local user attributes. You can configure local user attributes for a user group to
implement centralized user attributes management for the local users in the group. Configurable user
attributes include password control attributes and authorization attributes.
By default, every newly added local user belongs to the default user group system and bears all attributes
of the group. To assign a local user to a different user group, use the user-group command in local user
view.
To configure attributes for a user group:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a user group
and enter user group
view.
user-group group-name N/A
3. Configure password
control attributes for
the user group.
Set the password aging time:
password-control aging aging-time
Set the minimum password length:
password-control length length
Configure the password composition
policy:
password-control composition
type-number type-number
[ type-length type-length ]
Optional.
By default, the user group uses
global settings, including a 90-day
password aging time, a minimum
password length of 10 characters,
and at least one password
composition type and at least one
character required for each
password composition type.
The password must contain at least
8 characters.
In FIPS mode, the composition
type-number must be 4.
4. Configure
authorization attributes
for the user group.
authorization-attribute { acl acl-number |
callback-number
callback-number | idle-cut minute | level
level | vlan vlan-id | work-directory
directory-name } *
Optional.
By default, no authorization
attribute is configured for a user
group.
5. Set the guest attribute
for the user group.
group-attribute allow-guest
Optional.
By default, the guest attribute is not
set for a user group, and guest
users created by a guest manager
through the Web interface cannot
join the group.