HP 200 Unified Threat Management (UTM) Appliance specs

Configuring the authentication parameters for user privilege level switching

A user can switch to a lower privilege level without authentication. To switch to a higher privilege level, however, a user must provide the privilege level switching authentication information (if any). Table 29 shows the privilege level switching authentication modes supported by the device.

Table 29 Privilege level switching authentication modes

Authentication mode	Keywords	Description
Local password		The device uses the locally configured passwords for privilege level
Local password		switching authentication.
authentication only	local	switching authentication.
authentication only	local	To use this mode, you must set the passwords for privilege level
(local-only)
(local-only)		switching using the super password command.
		switching using the super password command.

		The device sends the username and password for privilege level
		switching to the HWTACACS or RADIUS server for remote
		authentication.
Remote AAA		To use this mode, you must perform the following configuration tasks:
authentication through
authentication through	scheme	• Configure the required HWTACACS or RADIUS schemes and
HWTACACS or	scheme	• Configure the required HWTACACS or RADIUS schemes and
HWTACACS or		configure the ISP domain to use the schemes for users. For more
RADIUS
RADIUS		information, see Access Control Configuration Guide.
		information, see Access Control Configuration Guide.
		• Add user accounts and specify the user passwords on the
		HWTACACS or RADIUS server.

Local password		The device first uses the locally configured passwords for privilege
authentication first and	local	level switching authentication. If no local password is set, the device
then remote AAA	scheme	allows console users to switch their privilege levels without
authentication		authentication, but performs AAA authentication for VTY users.

Remote AAA		AAA authentication is performed first, and if the remote HWTACACS
authentication first and	scheme
authentication first and	scheme	or RADIUS server does not respond or AAA configuration on the
then local password	local
then local password	local	device is invalid, the local password authentication is performed.
authentication
authentication

To configure the authentication parameters for a user privilege level:

Step		Command	Remarks
1.	Enter system view.	system-view	N/A

2.	Set the authentication	super authentication-mode	Optional.
	mode for user privilege	super authentication-mode	Optional.
	mode for user privilege	{ local scheme } *	By default, local-only authentication is used.
	level switching.	{ local scheme } *	By default, local-only authentication is used.

			If local authentication is involved, this step is
3.	Configure the password	super password [ level	required.
3.	Configure the password	super password [ level	By default, a privilege level has no password.
	for the user privilege	user-level] { cipher	By default, a privilege level has no password.
	for the user privilege	user-level] { cipher
	level.	simple } password	If no user privilege level is specified when you
			configure the command, the user privilege

level defaults to 3.

If local-only authentication is used, a console user interface user can switch to a higher privilege level, even if the privilege level has not been assigned a password.

137

HP 200 Unified Threat Management (UTM) Appliance Privilege level switching authentication modes

Models: 200 Unified Threat Management (UTM) Appliance

Table 29 Privilege level switching authentication modes

Authentication mode

Keywords

Description

information, see Access Control Configuration Guide.

Command