Authentication
Notes
Users can be created locally on a Junos device. Each user must have a password set. This may be done with the plain-text-password keyword.
This can be misleading. This does not mean the password is stored in plain text. It means that you’re about to enter the password in plain text. Once the password is entered, it is encrypted and stored in config.
Additionally, each user needs to have a class set. Classes define the level of permissions the user has, such as what commands they can run.
There are several built-in classes, but custom classes are also supported.
- operator
- read-only
- super-user
- unauthorized
Common login class permissions include:
- System – See system level information, including the configuration of the system hierarchy
- View-configuration – Can view all the hierarchy (with some small exceptions)
- Network – Access network commands (ping, traceroute, telnet, ssh)
- Configure – Enable entering configuration mode
- Firewall – Can view firewall configuration
- Interface – Can view interface configuration
Command Summary
| Command | Mode | Description |
|---|---|---|
| set system login user | Configuration | Create a new user |
| set system login user NAME class | Configuration | Set a user’s class |
| set system login class | Configuration | Create a new class |
| set system login class NAME permissions | Configuration | Assign permissions to a class |
| set system login class NAME allow-command | Configuration | Allows specific command |
| set system radius-server | Configuration | Configure a RADIUS server |
| set system authentication-order | Configuration | Set the method of authentication used, and optional fallback |