Configuring Aaa Schemes; Configuring Local Users - HP A5830 Series Configuration Manual

Configuring AAA schemes

Configuring local users

To implement local user authentication, authorization, and accounting, you must create local users and
configure user attributes on the switch. The local users and attributes are stored in the local user
database on the switch. A local user is uniquely identified by a username. Configurable local user
attributes are as follows:
Service type
Types of services that the user can use. Local authentication checks the service types of a local user. If
none of the service types is available, the user cannot pass authentication.
Service types include FTP, LAN access, SSH, Telnet, Terminal, and Web.
User state
Indicates whether a local user can request network services. There are two user states: active and
blocked. A user in the active state can request network services, but a user in the blocked state cannot.
Maximum number of users using the same local account
Indicates how many users can use the same local user account for local authentication.
Validity time and expiration time
Indicates the validity time and expiration time of a local user account. A user must use a valid local user
account to pass local authentication. When some users need to access the network temporarily, you can
create a guest account and specify a validity time and an expiration time for the account to control the
validity of the account.
User group
Each local user belongs to a local user group and bears all attributes of the group, such as the password
control attributes and authorization attributes. For more information about local user groups, see
"Configuring user group
Binding attributes
Binding attributes are used to control the scope of users. They are checked during local authentication of
a user. If the attributes of a user do not match the binding attributes configured for the local user
account, the user cannot pass authentication. Binding attributes include the ISDN calling number, IP
address, access port, MAC address, and native VLAN. For more information about binding attributes,
see "Configuring local user
configure for a local user.
Authorization attributes
Authorization attributes indicate the rights that a user has after passing local authentication.
Authorization attributes include the ACL, PPP callback number, idle cut function, user level, user role,
user profile, VLAN, and FTP/SFTP work directory. For more information about authorization attributes,
see "Configuring local user
Every configurable authorization attribute has its definite application environments and purposes. When
you configure authorization attributes for a local user, consider which attributes are needed and which
are not.
attributes."
attributes." Be careful when you when decide which binding attributes to
attributes."
16