Juniper Networks J-Series manual User Authentication Overview, User Accounts

Models: J-Series


J-series™ Services Router Administration Guide

User Authentication Overview

This section contains the following topics:

User Authentication

User Accounts

Login Classes

Template Accounts

User Authentication

The JUNOS software supports three methods of user authentication: local password authentication, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access Controller Access Control System Plus (TACACS+).

With local password authentication, you configure a password for each user allowed to log into the Services Router.

RADIUS and TACACS+ are authentication methods for validating users who attempt to access the router using Telnet. Both are distributed client/server systems—the RADIUS and TACACS+ clients run on the router, and the server runs on a remote network system.

You can configure the router to use RADIUS or TACACS+ authentication, or both, to validate users who attempt to access the router. If you set up both authentication methods, you can also configure which method the router tries first.

User Accounts

User accounts provide one way for users to access the Services Router. Users can access the router without accounts if you configured RADIUS or TACACS+ servers, as described in “Managing User Authentication with Quick Configuration” on page 8 and “Managing User Authentication with a Configuration Editor” on page 12. After you have created an account, the router creates a home directory for the user. An account for the user root is always present in the configuration. For information about configuring the password for the user root, see the Getting Started Guide for your router.

For each user account, you can define the following:

Username—Name that identifies the user. It must be unique within the router. Do not include spaces, colons, or commas in the username.

User's full name—If the full name contains spaces, enclose it in quotation marks (“ ”). Do not include colons or commas.

User identifier (UID)—Numeric identifier that is associated with the user account name. The identifier must be in the range 100 through 64000 and must be unique within the router. If you do not assign a UID to a username, the software assigns one when you commit the configuration, preferring the lowest available number.

User's access privilege—You can create login classes with specific permission bits or use one of the default classes listed in Table 6 on page 5.

Authentication method or methods and passwords that the user can use to access the router—You can use SSH or an MD5 password, or you can enter a plain-text
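
The username, full-name, and UID rules in the list above can be checked on a draft configuration before it is loaded. The following is an added example, not part of the Juniper guide: it parses set-style `system login user` statements and reports violations. The sample lines, the function names `parse_users` and `audit`, and the wording of the findings are constructed for illustration.

```python
import shlex

UID_MIN, UID_MAX = 100, 64000            # UID range stated in the guide
PREFIX = ["set", "system", "login", "user"]

# Constructed sample input, one statement per line.
SAMPLE = '''
set system login user alice full-name "Alice Smith"
set system login user alice uid 2001
set system login user alice class operator
set system login user bob uid 2001
set system login user "ops,team" uid 50
set system login user carol class read-only
'''

def parse_users(config_text):
    """Group 'set system login user NAME KEY VALUE' lines by username."""
    users = {}
    for line in config_text.splitlines():
        tok = shlex.split(line)          # honours quoted names and full names
        if tok[:4] != PREFIX or len(tok) < 7:
            continue
        users.setdefault(tok[4], {})[tok[5]] = tok[6]
    return users

def audit(users):
    """Return a sorted list of findings for the rules in the list above."""
    findings, uid_owner = [], {}
    for name, attrs in users.items():
        if set(name) & set(" :,"):
            findings.append(f"{name}: username contains space, colon, or comma")
        if set(attrs.get("full-name", "")) & set(":,"):
            findings.append(f"{name}: full name contains colon or comma")
        uid = attrs.get("uid")
        if uid is None:
            findings.append(f"{name}: no explicit UID; one is assigned at commit")
        elif not uid.isdigit() or not UID_MIN <= int(uid) <= UID_MAX:
            findings.append(f"{name}: UID {uid} is not in {UID_MIN}-{UID_MAX}")
        elif int(uid) in uid_owner:
            findings.append(f"{name}: UID {uid} already used by {uid_owner[int(uid)]}")
        else:
            uid_owner[int(uid)] = name
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(parse_users(SAMPLE)):
        print(finding)
```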
