Binding attributes are used for controlling the scope of users. They are checked during local
authentication of a user. If the attributes of a user do not match the binding attributes configured
for the local user account, the user cannot pass authentication. Binding attributes include the
ISDN calling number, IP address, access port, MAC address, and native VLAN.
• Authorization attributes.
Authorization attributes indicate the rights that a user has after passing local authentication.
Authorization attributes include the ACL, PPP callback number, idle cut function, user level,
user role, user profile, VLAN, and FTP/SFTP work directory. For more information about
authorization attributes, see "Configuring local user attributes."
Every configurable authorization attribute has its definite application environments and
purposes. When you configure authorization attributes for a local user, consider which
attributes are needed and which are not. For example, for PPP users, you do not need to
configure the work directory attribute.
You can configure an authorization attribute in user group view or local user view to make the
attribute effective on all local users in the group or for only the local user. The setting of an
authorization attribute in local user view takes precedence over that in user group view.
Local user configuration task list
| Task | Remarks |
|---|---|
| Configuring local user attributes | Required. |
| Configuring user group attributes | Optional. |
| Displaying and maintaining local users and local user groups | Optional. |
Configuring local user attributes
Follow these guidelines when you configure local user attributes:
• When the password control feature is enabled globally by using the password-control enable
command, local user passwords are not displayed.
• If the user interface authentication mode set by the authentication-mode command in user
interface view is AAA (scheme), which commands a login user can use after login depends on
the privilege level authorized to the user. If the user interface authentication mode is password
(password) or no authentication (none), which commands a login user can use after login
depends on the level configured for the user interface by using the user privilege level
command in user interface view. For an SSH user using public key authentication, which
commands are available depends on the level configured for the user interface. For more
information about user interface authentication mode and user interface command level, see
HPE FlexNetwork MSR Router Series Comware 5 Fundamentals Configuration Guide.
• You can configure the user profile authorization attribute in local user view, user group view, and
ISP domain view. The setting in local user view has the highest priority, and that in ISP domain
view has the lowest priority. For more information about user profiles, see "Configuring user
profiles."
• You cannot delete a local user who is the only security log manager in the system, nor can you
change or delete the security log manager role of the user. To do so, you must specify a new
security log manager first.
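The following added example (not from the HPE guide) resolves which level governs a login session, combining the rule that a local user view setting overrides the user group view setting with the authentication-mode rule in the guidelines above. The sample configuration is constructed, and the `authorization-attribute level` and `group` lines, the user and group names, and the function names are assumptions about how such settings appear in a saved Comware 5 configuration.

```python
import re

# Constructed sample in Comware 5 style (not from a real device).
SAMPLE = """\
user-group ops
 authorization-attribute level 1
local-user alice
 group ops
 authorization-attribute level 3
local-user bob
 group ops
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 2
user-interface aux 0
 authentication-mode none
 user privilege level 3
"""
KEYS = r"(authorization-attribute level|user privilege level|authentication-mode|group) (\S+)"

def parse(config):
    """Return {(view kind, name): {setting: value}} for each top-level view."""
    views, cur = {}, None
    for line in config.splitlines():
        if line and not line.startswith(" "):   # a view header
            kind, _, name = line.partition(" ")
            cur = views.setdefault((kind, name), {})
        elif cur is not None and (m := re.match(KEYS, line.strip())):
            cur[m.group(1)] = m.group(2)
    return views

def user_level(views, user):
    """Local user view setting takes precedence over the user group view."""
    u = views[("local-user", user)]
    g = views.get(("user-group", u.get("group")), {})
    lvl = u.get("authorization-attribute level", g.get("authorization-attribute level"))
    return None if lvl is None else int(lvl)   # None: left at device default

def login_level(views, ui, user=None, ssh_publickey=False):
    """Return (source, level) deciding which commands a login user can use."""
    v = views[("user-interface", ui)]
    if v.get("authentication-mode") == "scheme" and not ssh_publickey:
        return ("user", user_level(views, user))
    # password / none mode, or SSH public key: the user interface level applies
    lvl = v.get("user privilege level")
    return ("user-interface", None if lvl is None else int(lvl))
```

Running it over a saved configuration shows where a user interface level, rather than a per-user authorization, decides what a session can do.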
To configure local user attributes:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Add a local user and enter local user view. | local-user user-name | By default, a local user exists. |