The authentication-scheme command sets an authentication scheme for the current domain.
The undo authentication-scheme command restores the default setting.
By default, if the default1 accounting scheme is used for a domain, the default1 authentication mode is used; if the default0 accounting scheme is used for a domain, the default0 authentication mode is used; if the default_admin accounting scheme is used for a domain, the default authentication mode is used; if a user-defined accounting scheme is used for a domain, the default1 authentication mode is used.
| Parameter | Description | Value |
|---|---|---|
| scheme-name |
Specifies the name of an authentication scheme. |
The value is a string of 1 to 32 case-insensitive characters. The name of an authentication scheme must comply with the naming criterion of Windows, that is, characters such as \, /, :, *, ?, ", |, <, and > must be excluded from the name of an authentication scheme. |
Usage Scenario
After you use the authentication-scheme command to associate a domain with a certain authentication scheme, the system can use this authentication scheme for user authentication.
Before using the authentication-scheme command, ensure that an authentication scheme has been created.
Precautions
If the HWTACACS server is Down, unreachable, or does not respond in time, the command authorization fails, and no user can execute such command.
Command-line-based authorization is not associated with any authorization mode.
To configure command-line-based authorization for users at levels 3 to 15, set privilege-level to 3 in the authorization-cmd command for all such users if the command-privilege level rearrange command is not run in the system view, but set privilege-level to the specific level at which target users reside if the command-privilege level rearrange command is run in the system view. For example, to configure hwtacacs authorization for users at level 4, run the authorization-cmd 3 hwtacacs command if the command-privilege level rearrange command is not run, but run the authorization-cmd 4 hwtacacs command if the command-privilege level rearrange command is run.