H3C Technologies H3C Intelligent Management Center User Manual

Page 131


Cancelled. For more information about the advanced query function, see "Querying authentication logs", "Managing authorization logs", and "Managing audit logs."

• Estimated Authorized Time Range—Set the estimated authorized time range for authorized time range policies. Every day at 00:00, TAM computes the permitted access period within the estimated time range for each authorized time range policy and stores the result in a temporary table. TAM then checks the authorization policy used by each authenticating device user for the authorized time range policy, and searches the table to determine whether the user can log in to the device in the current period. A large value can affect system performance. H3C recommends that you use the default value of 3 days.

• Log Lifetime—Specify how long TAM keeps the user authentication, authorization, and audit logs. TAM automatically deletes logs that exceed the log lifetime at 00:00 every day.

• Displays Key In—Select the way in which TAM displays the password: Plaintext or Ciphertext. If you select Plaintext, the password is displayed in plain text. If you select Ciphertext, the password is displayed as a series of asterisks (******), and you must enter the same password twice to configure the password. This parameter applies to the following passwords of device users: login password, privilege-increase password, and RSA authentication password.

• LDAP Synchronization Time—Set the time when TAM starts to synchronize the LDAP users every day. Use 24-hour time; for example, 15 represents 3 p.m.

• LDAP User Move Between Servers—Options are:
  - Enable—Allow the synchronized LDAP users to move between different LDAP servers. Enable the function if user data must be moved to a new LDAP server due to job reallocation or similar reasons.
  - Disable—Disable the function.

• LDAP Pre-Synchronization Time (O'clock)—Select one or more time points at which to execute pre-synchronization every day. Pre-synchronizing users from the LDAP server to IMC can improve on-demand synchronization efficiency. H3C recommends that you choose a time when the system is relatively idle, for example, 06:00 to 08:00 every day.

• Prompt for User Name—Set the message that prompts users to enter the username when they log in to the device.

• Prompt for Password—Set the message that prompts users to enter the password when they log in to the device.

• Account name excluded the last separator and the previous contents—In some cases, the account name that a device user enters at login has a prefix (such as an LDAP domain name). If you select this option, TAM removes the last separator and everything before it, and compares the remainder with the local account name when verifying the account name. For example, if a user enters the account name h3c\test\tom and separator \, TAM uses tom for account name verification.

• Account name excluded the first separator and the subsequent contents—In some cases, the account name that a device user enters at login has a suffix (such as a TACACS domain name). If you select this option, TAM removes the first separator and everything after it, and compares the remainder with the local account name when verifying the account name. For example, if a user enters the account name user@test@h3c and separator @, TAM uses tom for account name verification.

IMPORTANT:

If you enable Account name excluded the first separator and Account name excluded the last separator,
the first option applies first, and then this option applies.
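
The following is an added example, not H3C code, that models the two account-name trimming options so you can review which entered names resolve to the same local account before enabling them. It assumes "the first option" in the IMPORTANT note is the last-separator (prefix) option listed first; the function names and sample inputs are constructed for illustration.

```python
# Added illustration of the two account-name trimming options described above.
# Not TAM's implementation: names and sample inputs are constructed.

def strip_prefix(name, sep):
    """Option 'excluded the last separator and the previous contents'."""
    return name.rsplit(sep, 1)[-1] if sep else name


def strip_suffix(name, sep):
    """Option 'excluded the first separator and the subsequent contents'."""
    return name.split(sep, 1)[0] if sep else name


def normalize(name, prefix_sep=None, suffix_sep=None):
    """Apply whichever options are enabled (None means disabled).

    ASSUMPTION: when both are enabled, prefix removal runs first and
    suffix removal second, per one reading of the IMPORTANT note.
    """
    if prefix_sep:
        name = strip_prefix(name, prefix_sep)
    if suffix_sep:
        name = strip_suffix(name, suffix_sep)
    return name


def colliding_logins(entered, local_accounts, prefix_sep=None, suffix_sep=None):
    """Map each local account to the distinct entered names that resolve to it,
    keeping only accounts reached by more than one entered name."""
    hits = {}
    for raw in entered:
        account = normalize(raw, prefix_sep, suffix_sep)
        if account in local_accounts:
            hits.setdefault(account, set()).add(raw)
    return {acct: sorted(names) for acct, names in hits.items() if len(names) > 1}


if __name__ == "__main__":
    print(normalize("h3c\\test\\tom", prefix_sep="\\"))   # the manual's prefix example
    print(normalize("h3c\\tom@tacacs", "\\", "@"))         # both options enabled
    sample = ["h3c\\tom", "lab\\tom", "tom", "h3c\\ann"]   # constructed login names
    print(colliding_logins(sample, {"tom", "ann"}, prefix_sep="\\"))
```

With prefix trimming enabled, logins entered under different domains are verified against the same local account, so confirm that is intended for every domain that can reach the device.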
