Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configure User Accounts in a Configuration Group

To make it easier to configure the same user accounts on multiple devices, configure the accounts inside of a configuration group. The examples shown here are in a configuration group called global. Using a configuration group for your user accounts is optional.

To create a user account:

  1. Add a new user, using the user’s assigned account login name.
  2. (Optional) Configure a descriptive name for the account.

    If the name includes spaces, enclose the entire name in quotation marks.

    For example:

  3. (Optional) Set the user identifier (UID) for the account.

    As with UNIX systems, the UID enforces user permissions and file access. If you do not set the UID, the software assigns one for you. The format of the UID is a number between 100 and 64,000.

    For example:

  4. Assign the user to a login class.

    You can define your own login classes or assign one of the predefined login classes.

    The predefined login classes are as follows:

    • super-user—all permissions

    • operator—clear, network, reset, trace, and view permissions

    • read-only—view permissions

    • unauthorized—no permissions

    For example:

  5. Use one of the following methods to configure the user password:
    • To enter a clear-text password that the system encrypts for you, use the following command to set the user password:

      As you enter the password in plain text, the software encrypts it. You do not need to configure the software to encrypt the password. Plain-text passwords are hidden and marked as ## SECRET-DATA in the configuration.

    • To enter a password that is encrypted, use the following command to set the user password:

      CAUTION:

      Do not use the encrypted-password option unless the password is already encrypted and you are entering the encrypted version of the password.

      If you accidentally configure the encrypted-password option with a plain-text password or with blank quotation marks (" "), you will not be able to log in to the device as this user.

    • To load previously generated public keys from a named file at a specified URL location, use the following command:

    • To enter an SSH public string, use the following command:

  6. At the top level of the configuration, apply the configuration group.

    If you use a configuration group, you must apply it for it to take effect.

  7. Commit the configuration.
  8. To verify the configuration, log out and log back in as the new user.