For Cisco Packet Data Gateway (PDG)
Global Configuration Mode Commands (L-S)
local-user username
Command Line Interface Reference, StarOS Release 16
Important:
This limit applies only to the user’s CLI sessions.
Usage
The ability to configure administrative local-users is provided in support of the login security mechanisms
specified in ANSI T1.276-2003.
Like administrative users configured at the context level, local-users can be assigned one of 4 security levels:
Local-User Level User     Context Level User
Security Administrator    Administrator
Administrator             Config-Administrator
Operator                  Operator
Inspector                 Inspector
Local-user configuration support is handled differently from that provided for administrative users configured
at the context level.
Context-level administrative users rely on the system’s AAA subsystems for validating user names and
passwords during login. This is true for both administrative user accounts configured locally through a
configuration file or on an external RADIUS server. Passwords for these user types are assigned once and are
accessible in the configuration file.
Local-user account information (passwords, password history, lockout states, etc.) is maintained in
non-volatile memory and in the software’s Shared Configuration Task (SCT). This information is maintained in a
separate file – not in configuration files used by the system. As such, the configured local-user accounts are
not visible with the rest of the system configuration.
Local-user and context-level administrative accounts can be used in parallel.
Example
The following command configures a security-administrator level local-user administrative account for a user
named User672 that has FTP privileges, a temporary password of abc123, and that does not lock out due to
either login attempt failures or password aging:
local-user username User672 authorization-level security-admin ftp no-lockout-login-failure no-lockout-password-aging password abc123
The following command deletes a previously configured local-user administrative account called admin32:
no local-user username admin32
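
Added example, not part of the Cisco reference: because local-user accounts are not visible with the rest of the system configuration, a provisioning script is one place to review them before the commands are applied. This Python sketch checks local-user username lines for lockout exemptions and FTP access using only the keywords shown in the example above, and redacts the password for logging; the function name and finding texts are assumptions.

```python
import shlex

# Keywords as they appear in this page's example command; other options are not modelled.
LOCKOUT_EXEMPTIONS = ("no-lockout-login-failure", "no-lockout-password-aging")

def review_local_user(command):
    """Review one 'local-user username ...' line.

    Returns a dict with the username, authorization level, findings and a copy
    of the command with the password redacted for safe logging. Returns None
    for lines that do not create an account (for example 'no local-user ...').
    """
    tokens = shlex.split(command)
    if tokens[:2] != ["local-user", "username"] or len(tokens) < 3:
        return None
    result = {"username": tokens[2], "level": None, "findings": []}
    redacted = tokens[:3]
    rest = iter(tokens[3:])
    for tok in rest:
        redacted.append(tok)
        if tok in ("authorization-level", "password"):
            value = next(rest, None)  # both keywords take one value
            if value is None:
                raise ValueError(f"'{tok}' has no value")
            if tok == "password":
                redacted.append("<redacted>")  # never echo the secret
            else:
                result["level"] = value
                redacted.append(value)
        elif tok in LOCKOUT_EXEMPTIONS:
            result["findings"].append(f"lockout disabled: {tok}")
        elif tok == "ftp":
            result["findings"].append("FTP access granted")
    exempt = any(f.startswith("lockout disabled") for f in result["findings"])
    if result["level"] == "security-admin" and exempt:
        result["findings"].append("security-admin account exempt from lockout")
    result["redacted"] = " ".join(redacted)
    return result

if __name__ == "__main__":
    # Constructed input: the two example commands from this page.
    for line in (
        "local-user username User672 authorization-level security-admin ftp "
        "no-lockout-login-failure no-lockout-password-aging password abc123",
        "no local-user username admin32",
    ):
        print(review_local_user(line))
```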