H3C Technologies H3C S12500-X Series Switches User Manual

19

•

Binding attributes—Binding attributes control the scope of users, and are checked during local

authentication of a user. If the attributes of a user do not match the binding attributes configured for
the local user account, the user cannot pass authentication. Binding attributes include the IP address,

access port, MAC address, and native VLAN. For support and usage information about binding

attributes, see "

698H

Configuring local user attributes

."

•

Authorization attributes—Authorization attributes indicate the user's rights after it passes local
authentication. Authorization attributes include the ACL, idle cut function, user role, VLAN, and
FTP/SFTP work directory. For support information about authorization attributes, see "

699H

Configuring

local user attributes

."

Configure the authorization attributes based on the service type of local users.
You can configure an authorization attribute in user group view or local user view to make the
attribute effective for all local users in the group or for only the local user. The setting of an

authorization attribute in local user view takes precedence over the attribute setting in user group

view.

•

Password control attributes—Password control attributes help control password security for device

management users. Password control attributes include password aging time, minimum password
length, password composition checking, password complexity checking, and login attempt limit.
You can configure a password control attribute in system view, user group view, or local user view,
making the attribute effective for all local users, local users in a group, or only the local user. A

password control attribute with a smaller effective range has a higher priority. For more

information about password management and global password configuration, see "

700H

Configuring

password control

."

351B

Local user configuration task list

Tasks at a glance

(Required.)

701H

Configuring local user attributes

(Optional.)

702H

Configuring user group attributes

(Optional.)

703H

Displaying and maintaining local users and local user groups

352B

Configuring local user attributes

Follow these guidelines when you configure local user attributes:

•

When you use the password-control enable command to globally enable the password control
feature, local user passwords are not displayed.

•

The authentication mode of user interfaces is set by the authentication-mode command in user line

view and affects access to commands for login users. In AAA (scheme) mode, the authorized user
role determines the commands available for each login user. In password (password) or no

authentication (none) mode, the user role of respective user interfaces determines the commands

available for the login users. The user role of respective user interfaces also determines the

commands available for the public key authenticated SSH users. For more information about the
authentication mode and user roles for user interfaces, see Fundamentals Configuration Guide.

•

You can configure authorization attributes and password control attributes in local user view or user
group view. The setting in local user view takes precedence over the setting in user group view.

To configure local user attributes:

Step Command

Remarks

1.

Enter system view.

system-view

N/A