3com S7906E 설치 설명서
1-22
To do…
Use the command…
Remarks
Configure the authorization
attributes for the local user
attributes for the local user
authorization-attribute { acl
acl-number | callback-number
callback-number | idle-cut
minute | level level |
user-profile profile-name | vlan
vlan-id | work-directory
directory-name } *
acl-number | callback-number
callback-number | idle-cut
minute | level level |
user-profile profile-name | vlan
vlan-id | work-directory
directory-name } *
Optional
By default, no authorization
attribute is configured for a
local user.
attribute is configured for a
local user.
Set the expiration time of the local
user
user
expiration-date time
Optional
Not set by default
Specify the user group for the local
user
user
group group-name
Optional
By default, a local user
belongs to the default user
group system.
belongs to the default user
group system.
Note that:
z
With the local-user password-display-mode cipher-force command configured, a local user
password is always displayed in cipher text, regardless of the configuration of the password
command. In this case, if you use the save command to save the configuration, all existing local
user passwords will still be displayed in cipher text after the device restarts, even if you restore the
display mode to auto.
z
The access-limit command configured for a local user takes effect only when local accounting is
used.
z
Local authentication checks the service types of a local user. If the service types are not available,
the user cannot pass authentication.
z
With an authentication method that requires the username and password, including local
authentication, RADIUS authentication, and HWTACACS authentication, the commands that a
login user can use after logging in depend on the level of the user. With other authentication
methods, which commands are available depends on the level of the user interface. For an SSH
user using public key authentication, the commands that can be used depend on the level
configured on the user interface. For details about authentication method and commands
accessible to user interface, refer to Login Configuration in the System Volume.
z
Binding attributes are checked upon authentication of a local user. If the checking fails, the user
fails the authentication. Therefore, be cautious when deciding which binding attributes should be
configured for a local user.
z
Every configurable authorization attribute has its definite application environments and purposes.
Therefore, when configuring authorization attributes for a local user, consider what attributes are
needed.
Configuring User Group Attributes
The concept of user group is introduced to simplify local user configuration and manageability. A user
group consists of a group of local users and has a set of local user attributes. You can configure local
user attributes for a user group to implement centralized management of user attributes for the local
users in the group. Currently, you can configure password control attributes and authorization attributes
for a user group.
By default, every newly added local user belongs to a user group named system and bears all attributes
of the group. User group system is automatically created by the device.