Step Command Remarks
3. Configure a password for the local user.
Command:
• In non-FIPS mode: password [ [ hash ] { cipher | simple } password ]
• In FIPS mode: password
Remarks:
Optional.
A local user with no password configured directly passes authentication after providing the valid local username and attributes. To enhance security, configure a password for each local user.
If you do not specify any parameter, you enter the interactive mode to set a plaintext password string. The interactive mode is available only on devices that support the password control feature.
In FIPS mode, you can configure a password only in interactive mode.
4. Assign service types to the local user.
Command:
• In non-FIPS mode: service-type { dvpn | ftp | lan-access | { pad | ssh | telnet | terminal } * | portal | ppp | web }
• In FIPS mode: service-type { lan-access | { ssh | terminal } * | portal | ppp | web }
Remarks:
By default, no service is authorized to a local user.
The ftp and telnet keywords are not supported in FIPS mode.
5. Place the local user in the active or blocked state.
Command:
state { active | block }
Remarks:
Optional.
By default, a created local user is in active state and can request network services.
6. Set the maximum number of concurrent users of the local user account.
Command:
access-limit max-user-number
Remarks:
Optional.
By default, there is no limit to the maximum number of concurrent users of a local user account.
The limit is effective only on local accounting, and is not effective on FTP users.
7. Configure password control attributes for the local user.
Command:
• Set the password aging time: password-control aging aging-time
• Set the minimum password length: password-control length length
• Configure the password composition policy: password-control composition type-number type-number [ type-length type-length ]
Remarks:
Optional.
By default, the local user uses password control attributes of the user group to which the local user belongs, and uses the global setting for any password control attribute that is not configured in the user group. The system provides the following default global settings:
• A 90-day password aging time.
• A minimum password length of 10 characters.
• In non-FIPS mode, at least one character type and at least one character for each type.
• In FIPS mode, four character types and at least one character for each type.
In FIPS mode, the value for the type-number argument must be 4.
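The following audit script is an added example, not part of the vendor guide. It checks saved local-user settings against the remarks in steps 3, 4 and 7: users with no password, service types outside the FIPS-mode list, a per-user minimum length below the 10-character default, and a composition type-number other than 4 in FIPS mode. The configuration layout (a `local-user <name>` line followed by indented attribute lines), the sample text and the function names are assumptions made for illustration.

```python
# Constructed sample (assumed layout: "local-user <name>", then indented attributes).
SAMPLE = """\
local-user admin
 password cipher EXAMPLE-CIPHERTEXT
 service-type ssh terminal
 password-control length 12
 password-control composition type-number 4 type-length 1
local-user backup
 service-type ftp
local-user ops
 password cipher EXAMPLE-CIPHERTEXT
 service-type ssh telnet
 password-control length 8
 password-control composition type-number 2
"""
FIPS_SERVICES = {"lan-access", "ssh", "terminal", "portal", "ppp", "web"}
DEFAULT_MIN_LENGTH = 10  # global default stated in the table

def parse_users(text):
    """Return {username: [token list per attribute line]}."""
    users, current = {}, None
    for line in text.splitlines():
        if line.startswith("local-user "):
            current = users.setdefault(line.split()[1], [])
        elif line.startswith(" ") and line.strip() and current is not None:
            current.append(line.split())
        else:
            current = None  # left the local-user block
    return users

def audit(text, fips=False):
    """Return {username: [findings]}; users with no findings are omitted."""
    report = {}
    for name, attrs in parse_users(text).items():
        found = []
        if not any(a[0] == "password" for a in attrs):
            found.append("no password configured")
        for a in attrs:
            if a[0] == "service-type" and fips:
                found += [f"{s} not supported in FIPS mode"
                          for s in a[1:] if s not in FIPS_SERVICES]
            elif a[:2] == ["password-control", "length"] and int(a[2]) < DEFAULT_MIN_LENGTH:
                found.append(f"minimum length {a[2]} is below the default of {DEFAULT_MIN_LENGTH}")
            elif a[:3] == ["password-control", "composition", "type-number"]:
                if fips and a[3] != "4":
                    found.append(f"type-number {a[3]} (FIPS mode requires 4)")
        if found:
            report[name] = found
    return report
```

Call `audit(text, fips=True)` when checking a configuration intended for FIPS mode; with the default `fips=False` only the password and minimum-length checks apply.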