authentication-scheme

Function

The authentication-scheme command sets an authentication scheme for the current domain.

The undo authentication-scheme command restores the default setting.

By default, if the default1 accounting scheme is used for a domain, the default1 authentication mode is used; if the default0 accounting scheme is used for a domain, the default0 authentication mode is used; if the default_admin accounting scheme is used for a domain, the default authentication mode is used; if a user-defined accounting scheme is used for a domain, the default1 authentication mode is used.

Format

authentication-scheme scheme-name

undo authentication-scheme

Parameters

Parameter: scheme-name

Description: Specifies the name of an authentication scheme.

Value: The value is a string of 1 to 32 case-insensitive characters. The name must comply with Windows naming rules; that is, it must not contain the characters \, /, :, *, ?, ", |, <, or >.

Views

AAA domain view

Default Level

3: Management level

Task Name and Operations

Task Name: aaa
Operations: write

Usage Guidelines

Usage Scenario

After you use the authentication-scheme command to associate a domain with a certain authentication scheme, the system can use this authentication scheme for user authentication.

Before using the authentication-scheme command, ensure that an authentication scheme has been created.

Precautions

If the HWTACACS server is Down, is unreachable, or does not respond in time, command authorization fails and no user can execute such commands.

Command-line-based authorization is not associated with any authorization mode.

To configure command-line-based authorization for users at levels 3 to 15, the privilege-level value to set in the authorization-cmd command depends on whether the command-privilege level rearrange command has been run in the system view. If it has not been run, set privilege-level to 3 for all such users. If it has been run, set privilege-level to the specific level at which the target users reside. For example, to configure hwtacacs authorization for users at level 4, run the authorization-cmd 3 hwtacacs command if the command-privilege level rearrange command is not run, but run the authorization-cmd 4 hwtacacs command if the command-privilege level rearrange command is run.

Example

# Set the authentication scheme for the current domain to test.
<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] authentication-scheme test
[*HUAWEI-aaa-authen-test] quit
[*HUAWEI-aaa] domain Huawei
[*HUAWEI-aaa-domain-huawei] authentication-scheme test
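
The prerequisite in Usage Guidelines (the scheme must exist before a domain references it) and the naming rule in Parameters can be checked offline against configuration text. The following is an added example, not Huawei's code: it reports domains bound to an undefined scheme, domains with no scheme set, and scheme names that break the naming rule. The names audit_aaa, name_problem and SAMPLE, and the one-space/two-space indentation layout, are assumptions of this example.

```python
FORBIDDEN = set('\\/:*?"|<>')   # characters the page excludes from scheme names

def name_problem(name):
    """Return why a scheme name breaks the naming rule, or None if it is valid."""
    if not 1 <= len(name) <= 32:
        return "length must be 1 to 32 characters"
    bad = sorted(FORBIDDEN & set(name))
    return "forbidden characters: " + " ".join(bad) if bad else None

def audit_aaa(config):
    """Return (name, issue) findings. Assumption: AAA-view lines are indented
    one space and domain-view lines two, as in a saved configuration listing."""
    defined, bound, findings = set(), {}, []
    in_aaa, domain = False, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        is_scheme = words[0] == "authentication-scheme" and len(words) == 2
        if indent == 0:
            in_aaa, domain = words == ["aaa"], None
        elif in_aaa and indent == 1:
            # Entering a domain view, or defining a scheme in the AAA view.
            domain = words[1].lower() if words[0] == "domain" and len(words) == 2 else None
            if domain:
                bound.setdefault(domain, None)
            elif is_scheme:
                defined.add(words[1].lower())      # names are case-insensitive
                if name_problem(words[1]):
                    findings.append((words[1], name_problem(words[1])))
        elif in_aaa and domain and indent == 2 and is_scheme:
            bound[domain] = words[1].lower()       # binding inside the domain view
    for dom, scheme in bound.items():
        if scheme is None:
            findings.append((dom, "no authentication-scheme set; default applies"))
        elif scheme not in defined:
            findings.append((dom, "scheme '%s' is not defined" % scheme))
    return findings

SAMPLE = """\
aaa
 authentication-scheme Test
 domain huawei
  authentication-scheme test
 domain branch
  authentication-scheme tacacs-only
 domain lab
"""  # constructed sample, not taken from a real device
```

Calling audit_aaa(SAMPLE) flags the branch domain (undefined scheme) and the lab domain (no scheme set), while huawei passes because Test and test are the same case-insensitive name.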
Copyright © Huawei Technologies Co., Ltd.