Access - HP ProCurve 9304M Security Manual

continue to use the privilege level passwords and the SNMP community strings as additional means of access
authentication. Alternatively, you can choose not to use local user accounts and instead continue to use only the
privilege level passwords and SNMP community strings. Local user accounts are backward-compatible with
configuration files that contain privilege level passwords. See "Setting Passwords for Management Privilege
Levels" on page 2-14.
If you configure local user accounts, you also need to configure an authentication-method list for Telnet access,
Web management access, and SNMP access. See "Configuring Authentication-Method Lists" on page 2-54.
For each local user account, you specify a user name. You also can specify the following parameters:
• A password
• A management privilege level, which can be one of the following:
• Super User level – Allows complete read-and-write access to the system. This is generally for system
administrators and is the only privilege level that allows you to configure passwords. This is the default.
• Port Configuration level – Allows read-and-write access for specific ports but not for global (system-wide)
parameters.
• Read Only level – Allows access to the Privileged EXEC mode and CONFIG mode but only with read

access.

Configuring a Local User Account
To configure a local user account, use one of the following methods.
USING THE CLI
To configure a local user account, enter a command such as the following at the global CONFIG level of the CLI.
ProCurveRS(config)# username wonka password willy
This command adds a local user account with the user name "wonka" and the password "willy". This account has
the Super User privilege level; this user has full access to all configuration and display features.
NOTE: If you configure local user accounts, you must grant Super User level access to at least one account
before you add accounts with other privilege levels. You need the Super User account to make further
administrative changes.
ProCurveRS(config)# username waldo privilege 5 password whereis
This command adds a user account for user name "waldo", password "whereis", with the Read Only privilege
level. Waldo can look for information but cannot make configuration changes.
Syntax: [no] username <user-string> privilege <privilege-level> password | nopassword <password-string>
The privilege parameter specifies the privilege level for the account. You can specify one of the following:
• 0 – Super User level (full read-write access)
• 4 – Port Configuration level
• 5 – Read Only level
The default privilege level is 0. If you want to assign Super User level access to the account, you can enter the
command without privilege 0, as shown in the command example above.
The password | nopassword parameter indicates whether the user must enter a password. If you specify
password, enter the string for the user's password.
NOTE: You must be logged on with Super User access (privilege level 0) to add user accounts or configure other
access parameters.
To display user account information, enter the following command:
ProCurveRS(config)# show users
June 2005
Securing Access to Management Functions
2 - 17