H3C Technologies H3C S12500-X Series Switches User Manual
Page 33
21
Step Command
Remarks
8.
(Optional.) Configure
authorization attributes for
the local user.
authorization-attribute { acl
acl-number | idle-cut minute |
user-role role-name | vlan vlan-id |
work-directory directory-name } *
The following default settings apply:
•
No authorization ACL, idle
timeout period, or authorized
VLAN is configured for local
users.
•
FTP, SFTP, or SCP users are
authorized access to the root
directory of the device, but they
do not have the access
permission.
•
The network-operator user role is
assigned to local users that are
created by a network-admin or
level-15 user on the default MDC.
•
The mdc-operator user role is
assigned to local users that are
created by an mdc-admin or
level-15 user on a non-default
MDC.
For LAN users, only the settings for
acl, idle-cut, and vlan take effect.
For Telnet and terminal users, only
the setting for user-role takes effect.
For SSH and FTP users, only the
settings for user-role and
work-directory take effect.
For other types of local users, no
authorization attribute takes effect.
9.
(Optional.) Configure
password control attributes
for the local user.
•
Set the password aging time:
password-control aging
aging-time
•
Set the minimum password
length:
password-control length length
•
Configure the password
composition policy:
password-control composition
type-number type-number
[ type-length type-length ]
•
Configure the password
complexity checking policy:
password-control complexity
{ same-character | user-name }
check
•
Configure the maximum login
attempts and the action to take if
there is a login failure:
password-control login-attempt
login-times [ exceed { lock |
lock-time time | unlock } ]
Optional.
By default, the local user uses
password control attributes of the
user group to which the local user
belongs.
Only device management users
support the password control
function.