Login classes, Permission bits – Juniper Networks J-Series User Manual

password that the JUNOS software encrypts using MD5-style encryption before
entering it in the password database. If you configure the plain-text-password
option, you are prompted to enter and confirm the password.
Login Classes
All users who log into the Services Router must be in a login class. You can define
any number of login classes. With login classes, you define the following:
■ Access privileges users have when they are logged into the router. For more information, see “Permission Bits” on page 5.
■ Commands and statements that users can and cannot specify. For more information, see “Denying or Allowing Individual Commands” on page 7.
■ How long a login session can be idle before it times out and the user is logged off.
You then apply one login class to an individual user account. The software contains
a few predefined login classes, which are listed in Table 6 on page 5. The predefined
login classes cannot be modified.
Table 6: Predefined Login Classes

Login Class                 Permission Bits Set
operator                    clear, network, reset, trace, view
read-only                   view
super-user and superuser    all
unauthorized                None
Permission Bits
Each top-level command-line interface (CLI) command and each configuration
statement has an access privilege level associated with it. Users can execute only
those commands and configure and view only those statements for which they have
access privileges. The access privileges for each login class are defined by one or
more permission bits (see Table 7 on page 6).
Two forms for the permissions control the individual parts of the configuration:
■ "Plain" form—Provides read-only capability for that permission type. An example is interface.
■ Form that ends in -control—Provides read and write capability for that permission type. An example is interface-control.
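
The following configuration is an added example, not taken from the manual. It defines two custom login classes that contrast the plain and -control forms of a permission bit, set an idle timeout, and deny individual commands, then applies one class to each user. The class names, user names, timeout value and deny-commands pattern are assumptions, as is the configure bit, which comes from the JUNOS permission list rather than from this excerpt; authentication statements are omitted.

```junos
system {
    login {
        /* Auditor: plain "interface" bit gives read-only access
           to the interface configuration. */
        class if-audit {
            /* Idle minutes before the session is logged off. */
            idle-timeout 10;
            permissions [ view interface ];
        }
        /* Interface administrator: "interface-control" gives read
           and write access to the interface configuration. */
        class if-admin {
            idle-timeout 10;
            /* "configure" (assumed, not listed in this excerpt)
               lets the user enter configuration mode. */
            permissions [ view network configure interface-control ];
            /* Regular expression of commands to refuse even though
               the "network" bit would otherwise permit them. */
            deny-commands "(telnet)|(ssh)";
        }
        /* Each user account gets exactly one login class. */
        user alice {
            class if-audit;
        }
        user bob {
            class if-admin;
        }
    }
}
```

Assigning every account to the predefined super-user class sets the all permission bit; classes like these grant only the bits each role needs.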
Chapter 1: Managing User Authentication and Access, User Authentication Overview (page 5)