realm-name-delimiter

Function

The realm-name-delimiter command configures the realm name delimiter used to parse the user account.

The undo realm-name-delimiter command restores the default realm name delimiter.

By default, no realm name delimiter is configured.

Format

realm-name-delimiter delimiter

undo realm-name-delimiter

Parameters

Parameter	Description	Value
delimiter	Specifies the realm name delimiter. The value is a character.	The following characters can be used as the realm name delimiter: \/:<>\|@%'.

Parameter

Description

Value

delimiter

Specifies the realm name delimiter. The value is a character.

The following characters can be used as the realm name delimiter: \/:<>|@%'.

Views

AAA view

Default Level

3: Management level

Task Name and Operations

Task Name	Operations
aaa	write

Usage Guidelines

Usage Scenario

The device supports the realm name delimiter and the domain name delimiter, so the VRP can parse the account that contains two delimiters. If one delimiter cannot be found, the VRP searches for the other one.

The realm name can be the same as the domain name delimiter.

Configuration Impact

Realm indicates a login user's physical location. After the realm function is configured on a device, the device parses the realm name delimiter first when parsing a user account. If the realm name delimiter is the same as the domain name delimiter, the domain name may fail to be parsed, affecting the user's login.

Assume that a user account root@abc exists.

If the realm commands are not configured, the device parses the user account and obtains the user name root and domain name abc. After that, the device authenticates and authorizes the user based on the authentication and authorization configurations in the domain abc. After being authenticated, the user can log in to the device.
If the realm commands are configured and a realm name delimiter @ is configured, the device parses the realm name delimiter first. When a user uses the account root@abc to log in, @ is considered a realm name delimiter. The device parses the account and obtains the user name root without the domain name and authenticates and authorizes the user based on the default_admin domain configurations. The user is not authenticated.

Example

# Configure / as the realm name delimiter.

<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] realm-name-delimiter /