Super password & only super

The functions of simple and cipher parameters are the same to compatible with historical versions.

simple / cipher: Is the password for the target user level after user switching.

Character string type.

• The password must contain at least x characters. The maximum value is 15 characters and the default value is 6 characters. You can run the system user password security-length command to change the value of “x”.
• If you select simple, the password must be a plaintext and the length range is x-15 characters. It must contain at least one digit, one letter and an no question mark (?).
• If you select cipher, the password can be a 24-58 characters ciphertext. The password is generated in the system and saved in the configuration file. For example, the password can be *.”S7-EY’OZ’=Y;ES7>GS+\/P>I8:021_”<^6,6DE.7.”3(Q$7XD:28Q3*. The password can also be a plaintext with the length range x-15 characters. When the password is a plaintext, it must at least contain one digit and one letter but cannot contain any question mark (?). for example, pass123.

read: Specifies the target user level after user switching to read. A user that has the read permission can run only query commands. To control the permission of maintenance personnel, use this parameter. After the setting, configuration changes due to misoperations performed by maintenance personnel can be prevented and therefore service interruption is prevented.

write: Specifies the target user level after user switching to write. A user that has the write permission can run commands that have the same or lower level than the target level.

The super password command apply Administrator level & Privilege mode.

Super password Example:

Assume that the current user level is 2 and the plaintext password is pass123 configured in cipher mode. To configure the password for user level 1 to switch the common user level to an operator level and set the permission to write through password authentication, do as follows:

BD-Huawei#super password
{ level<K> }:level
{ level<U><0,2> }:1
{ cipher<K>|simple<K> }simple
{ simple<S><Length 6-15> }:pass123
{ <cr>|read<K>|write<K> }:write
Command:
super password level 1 simple pass123 write

Assume that the current user level is 2 and the plaintext password is pass234 configured in cipher mode. To configure the password for user level 1 to switch the common user level to an operator level and set the permission to read through password authentication, do as follows:

BD-Huawei#super password
{ level<K> }:level
{ level<U><0,2> }:1
{ cipher<K>|simple<K> }cipher
{ cipher<S><Length 6-15,24-58> }:pass234
{ <cr>|read<K>|write<K> }:read
  Command:
    super password level 1 cipher pass234 read

To cancel the password configured for user level 1 that is switched for the current user level and the permission is read, or to forbid switching from a lower user level to an upper user level, do as follows:

BD-Huawei#undo super
{ password<K> }:password
{ level<K> }:level
{ level<U><0,2> }:1
{ <cr>|read<K>|write<K> }:read
  Command:
    undo super password level 1 read

[bodyads]

System Response:

• The system does not display any message after the super password command is executed successfully

super:

super command is used to change (raise or lower) the user level and read and write permissions of a user. The user level and read and write permissions determine the permission for a user to run a command.

NOTE:

The user level refers to the category of permissions for users. The permission has three levels and is in mapping relationship with the command level. That is, after users of different levels log in to the system, they can use commands with levels equal to or lower than their user levels.

Each user level has the read only or read and write permissions. After switching to read only permission, a user can only run query commands. After a user logs in to the system, the default permission is read and write.

Format:

super [level ] [ read | write ]

Usage Guidelines:

• When you do not specify the value of the parameter level, the default level is 2, that is, the administrator level.
• When you do not enter read or write, the default permission write is used.
• When this command is being executed, the system verifies the user password.
  • If the target user level after switching is higher than the current user level, you must enter the password for the target user level. If the password is configured and you enter it correctly, the switching is successful; if no password is configured for the higher user level, the system displays a message stating that access is rejected. You need use super password command to configure the password for the higher user level which is switched from a lower user level.
  • If the command set of the target user level and attributes after switching is contained in the command set of the current user level and attributes (for details about the command set division, see “Usage Guidelines” in the super password command), you need not enter the password for the target user level and you can directly switch the user level. If the user level is raised again after being lowered, you need to enter the password of the higher user level.
• If the password verification is successful, the dynamic switching of the user level is performed. Other terminals are not affected because only the current user level is switched.
• If you log in to the system again after switching to a higher user level, you need to run this command again to switch to the target user level, that is, the switched-to user level does not retain after another login.

Example:

Assume that the current user is a common user (level is 0), the user level corresponding to the command to be executed is 1, the command is a configuration command, and the save operation is required. To change the current user level to read and write level 1 , do as follows:

BD-Huawei>super
{ <cr>|level<U><0,2>|read<K>|write<K> }:1
{ <cr>|read<K>|write<K> }:write
  Command:
          super 1 write
  Password:
  Now user privilege is 1 level, and only those commands whose level is
  equal to or less than this level can be used.
  Privilege note: 0-COMUSER_LEVEL, 1-OPERATOR_LEVEL, 2-ADMINISTRATOR_LEVEL

Assume that the current user is a common user (level is 0), the user level corresponding to the command to be executed is 1, the command is a query command, and the configuration permission for level 1 commands is not required. To change the current user level to read level 1, do as follows:

BD-Huawei>super
{ <cr>|level<U><0,2>|read<K>|write<K> }:1
{ <cr>|read<K>|write<K> }:read
  Command:
          super 1 read
  Password:
  The user privilege is of level 1 and the attribute is read only. The user
  can run query commands of level 1 and all the commands of level 0.
  Privilege note: 0-COMUSER_LEVEL, 1-OPERATOR_LEVEL, 2-ADMINISTRATOR_LEVEL

System Response:

The system displays the message “Now user privilege is x level, and only those commands whose level is equal to or less than this level can be used. Privilege note:

• 0-COMUSER_LEVEL,
• 1-OPERATOR_LEVEL,
• 2-ADMINISTRATOR_LEVEL”

after this command is executed successfully. “x” indicates the target level of the current user.