Local user configuration task list, Configuring local user attributes – H3C Technologies H3C SecPath F1000-E User Manual


about binding attributes, see "Configuring local user attributes." Be cautious when deciding which binding attributes to configure for a local user.

Authorization attributes:

Authorization attributes indicate the rights that a user has after passing local authentication. Authorization attributes include the ACL, PPP callback number, idle cut function, user level, user role, user profile, VLAN, and FTP/SFTP work directory. For more information about authorization attributes, see "Configuring local user attributes."

Every configurable authorization attribute has its own application environments and purposes. When you configure authorization attributes for a local user, consider which attributes are needed and which are not. For example, for PPP users, you do not need to configure the work directory attribute.

You can configure an authorization attribute in user group view or local user view to make the attribute effective for all local users in the group or for only the local user. The setting of an authorization attribute in local user view takes precedence over that in user group view.

Local user configuration task list

Task                                                            Remarks
Configuring local user attributes                               Required
Configuring user group attributes                               Optional
Displaying and maintaining local users and local user groups    Optional

Configuring local user attributes

Follow these guidelines when you configure the local user attributes:

On a firewall supporting the password control feature, local user passwords are not displayed, and the local-user password-display-mode command is not effective.

If you configure the local-user password-display-mode cipher-force command, all existing local user passwords are displayed in cipher text, regardless of the configuration of the password command. If you also save the configuration and restart the firewall, all existing local user passwords are always displayed in cipher text, no matter how you configure the local-user password-display-mode command or the password command. However, passwords configured after you restore the display mode to auto by using the local-user password-display-mode auto command are displayed as defined by the password command.

The access-limit command configured for a local user takes effect only in the case of local accounting.

If the user interface authentication mode (set by the authentication-mode command in user interface view) is AAA (scheme), the commands that a login user can use after login depend on the privilege level authorized to the user. If the user interface authentication mode is password (password) or no authentication (none), the commands that a login user can use after login depend on the level configured for the user interface (set by the user privilege level command in user interface view). For an SSH user using public key authentication, the available commands depend on the level configured for the user interface. For more information about user interface authentication mode and user interface command level, see the Getting Started Guide.

You can configure the user profile authorization attribute in both local user view and ISP domain view. The setting in local user view takes precedence.
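The following audit sketch is an added example, not part of the H3C manual. It applies the guideline on authentication mode and command level to a saved configuration, reporting for each user interface whether the level comes from the user or from the interface. The `user-interface <name>` block header, the sample configuration, and the `high_level` threshold of 3 are assumptions made for illustration.

```python
import re

# Constructed sample in Comware-style syntax; not taken from a real device.
SAMPLE_CONFIG = """\
user-interface con 0
 authentication-mode none
 user privilege level 3
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 1
user-interface vty 5 15
 authentication-mode password
 user privilege level 3
"""

def parse_user_interfaces(config):
    """Map each user-interface block to its authentication mode and level."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"user-interface\s+(\S.*)", line)
        mode = re.match(r"\s+authentication-mode\s+(\S+)", line)
        level = re.match(r"\s+user privilege level\s+(\d+)", line)
        if header:
            current = interfaces.setdefault(header.group(1).strip(), {})
        elif not line.startswith(" "):
            current = None  # left user interface view
        elif current is not None and mode:
            current["mode"] = mode.group(1)
        elif current is not None and level:
            current["level"] = int(level.group(1))
    return interfaces

def audit(config, high_level=3):
    """Return (interface, level source, finding); high_level is an assumed threshold."""
    report = []
    for name, ui in parse_user_interfaces(config).items():
        high = ui.get("level") is not None and ui["level"] >= high_level
        if ui.get("mode") == "scheme":
            # AAA: the user's authorized level applies; SSH public key users get the interface level.
            source = "user"
            finding = "SSH public key users get a high level" if high else "ok"
        elif ui.get("mode") in ("password", "none"):
            # Every login on this interface gets the interface level.
            source = "user-interface"
            finding = f"high level with mode {ui['mode']}" if high else "ok"
        else:
            source, finding = "unknown", "authentication-mode not set explicitly"
        report.append((name, source, finding))
    return report
```

Calling `audit(SAMPLE_CONFIG)` returns one tuple per user interface; interfaces with no explicit authentication-mode line are reported as unknown rather than assigned a default.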

To configure attributes for a local user:
