User authentication overview, User authentication, User accounts – Juniper Networks J-Series User Manual

User Authentication Overview

This section contains the following topics:

User Authentication on page 4

User Accounts on page 4

Login Classes on page 5

Template Accounts on page 7

User Authentication

The JUNOS software supports three methods of user authentication: local password
authentication, Remote Authentication Dial-In User Service (RADIUS), and Terminal
Access Controller Access Control System Plus (TACACS+).

With local password authentication, you configure a password for each user allowed
to log in to the Services Router.

RADIUS and TACACS+ are authentication methods for validating users who attempt
to access the router using Telnet. Both are distributed client/server systems—the
RADIUS and TACACS+ clients run on the router, and the server runs on a remote
network system.

You can configure the router to use RADIUS or TACACS+ authentication, or both,
to validate users who attempt to access the router. If you set up both authentication
methods, you can also configure which method the router tries first.

User Accounts

User accounts provide one way for users to access the Services Router. Users can
access the router without accounts if you configured RADIUS or TACACS+ servers,
as described in “Managing User Authentication with Quick Configuration” on page 8
and “Managing User Authentication with a Configuration Editor” on page 12.

After you have created an account, the router creates a home directory for the user.
An account for the user root is always present in the configuration. For information
about configuring the password for the user root, see the Getting Started Guide for
your router. For each user account, you can define the following:

Username—Name that identifies the user. It must be unique within the router.
Do not include spaces, colons, or commas in the username.

User's full name—If the full name contains spaces, enclose it in quotation marks
(“ ”). Do not include colons or commas.

User identifier (UID)—Numeric identifier that is associated with the user account
name. The identifier must be in the range 100 through 64000 and must be unique
within the router. If you do not assign a UID to a username, the software assigns
one when you commit the configuration, preferring the lowest available number.

User's access privilege—You can create login classes with specific permission
bits or use one of the default classes listed in Table 6 on page 5.

Authentication method or methods and passwords that the user can use to access
the router—You can use SSH or an MD5 password, or you can enter a plain-text


J-series™ Services Router Administration Guide
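
A check for the username, full name, and UID rules listed under User Accounts, to run on a batch of planned accounts before they are committed. This is an added example, not part of the manual or of JUNOS: `lint_accounts`, its input dictionaries, and the sample accounts are constructed for illustration, and the UID prediction assumes that "lowest available" means the smallest in-range number no account claims explicitly.

```python
UID_MIN, UID_MAX = 100, 64000      # UID range stated in this section
BAD_USERNAME = set(" :,")          # usernames: no spaces, colons, or commas
BAD_FULL_NAME = set(":,")          # full names: no colons or commas


def lint_accounts(accounts):
    """Return (errors, uids); each dict has 'username', optional 'full_name' and 'uid'."""
    errors, uids, names, taken = [], {}, set(), set()
    for acct in accounts:
        name, uid = acct["username"], acct.get("uid")
        if BAD_USERNAME & set(name):
            errors.append(f"{name!r}: username has a space, colon, or comma")
        if name in names:
            errors.append(f"{name!r}: username is not unique")
        names.add(name)
        if BAD_FULL_NAME & set(acct.get("full_name", "")):
            errors.append(f"{name!r}: full name has a colon or comma")
        if uid is None:
            continue
        if not UID_MIN <= uid <= UID_MAX:
            errors.append(f"{name!r}: UID {uid} is outside {UID_MIN}-{UID_MAX}")
        elif uid in taken:
            errors.append(f"{name!r}: UID {uid} is not unique")
        else:
            taken.add(uid)
            uids[name] = uid
    # Assumption: "lowest available" is the smallest in-range UID that no
    # account claims explicitly; the router's own allocator may differ.
    nxt = UID_MIN
    for acct in accounts:
        if acct.get("uid") is None and acct["username"] not in uids:
            while nxt in taken:
                nxt += 1
            if nxt > UID_MAX:
                errors.append(f"{acct['username']!r}: no UID left to assign")
                continue
            taken.add(nxt)
            uids[acct["username"]] = nxt
    return errors, uids


SAMPLE = [  # constructed sample accounts, not taken from the manual
    {"username": "alice", "full_name": "Alice Example", "uid": 100},
    {"username": "bob", "full_name": "Bob"},                  # no UID given
    {"username": "net ops", "uid": 99},                       # space, UID too low
    {"username": "carol", "full_name": "Carol, NOC", "uid": 100},  # comma, reused UID
    {"username": "dave", "uid": 102},
    {"username": "erin"},                                     # no UID given
]
```

Calling `lint_accounts(SAMPLE)` reports four violations and predicts UIDs 101 and 103 for the two accounts that did not request one.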