User Authentication
The JDM supports two of the three methods for user authentication that Junos OS
supports: local password authentication and TACACS+ authentication. It does not support
RADIUS authentication.
Related Documentation
• Configuring JDM User Accounts and Authentication on page 31
• Understanding the JDM CLI on page 28
Configuring JDM User Accounts and Authentication
You create user accounts and configure authentication for those accounts in JDM the
same way you do in Junos OS. This topic provides some brief guidance on how to configure
user accounts and authentication. For more details, consult the Junos OS documentation.
• To set the JDM root password:
root@jdm# set system root-authentication plain-text-password
You must use the JDM CLI to set the root password. You cannot set the root password
using the JDM shell.
• To create a new JDM user account:
root@jdm# set system login user user-name class class-name authentication plain-text-password
You cannot create JDM user accounts from the JDM shell.
• To configure SSH keys for a user to enable SSH without a password:
root@jdm# set system login user user-name load-key-file URL-to-ssh-key-file
• To configure TACACS+ authentication for user accounts:
root@jdm# set system tacplus-server server-address secret password
NOTE: TACACS+ is used to support SSH authentication. Once configured,
the TACACS+ configuration applies to both JDM and host SSH
authentication. On the host, TACACS+ is used to authenticate SSH
requests only for the root account, and only when they are requested
from outside the device.
Optionally, you can specify the TACACS+ authentication server port number and the
timeout period. To do so:
root@jdm# set system tacplus-server server-address port port-number
root@jdm# set system tacplus-server server-address timeout period
NOTE: By default, the TACACS+ port number is set to 49, and the timeout
period is set to 5 seconds.
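The following Python check is an added example, not part of the Juniper documentation: it reads configuration in set-command form and summarizes the root, user and TACACS+ authentication settings configured in the steps above. It assumes stored passwords appear as encrypted-password statements and loaded SSH keys as ssh-* statements, as in Junos OS; the sample users, addresses and secret strings are constructed.

```python
import shlex

DEFAULT_PORT, DEFAULT_TIMEOUT = 49, 5  # defaults stated in the NOTE above

# Constructed sample; user names, addresses and secret strings are made up.
SAMPLE = """\
set system root-authentication encrypted-password "$6$constructed"
set system login user alice class super-user
set system login user alice authentication encrypted-password "$6$constructed"
set system login user bob class operator
set system login user bob authentication ssh-rsa "ssh-rsa AAAAconstructed bob@example"
set system login user carol class read-only
set system tacplus-server 192.0.2.10 secret "$9$constructed"
set system tacplus-server 192.0.2.10 timeout 10
set system tacplus-server 192.0.2.11 port 4949
"""

def audit(config_text):
    """Collect root, user and TACACS+ authentication settings from set-format text."""
    report = {"root_password": False, "users": {}, "tacplus": {}}
    for line in config_text.splitlines():
        tok = shlex.split(line)  # keeps a quoted value as a single token
        if tok[:2] != ["set", "system"]:
            continue
        rest = tok[2:]
        if rest[:1] == ["root-authentication"]:
            if rest[1:2] in (["encrypted-password"], ["plain-text-password"]):
                report["root_password"] = True
        elif rest[:2] == ["login", "user"] and len(rest) >= 5:
            user = report["users"].setdefault(rest[2], {"class": None, "auth": set()})
            if rest[3] == "class":
                user["class"] = rest[4]
            elif rest[3] == "authentication":
                user["auth"].add("ssh-key" if rest[4].startswith("ssh-") else "password")
        elif rest[:1] == ["tacplus-server"] and len(rest) >= 4:
            srv = report["tacplus"].setdefault(
                rest[1], {"secret": False, "port": DEFAULT_PORT, "timeout": DEFAULT_TIMEOUT})
            if rest[2] == "secret":
                srv["secret"] = True
            elif rest[2] in ("port", "timeout"):
                srv[rest[2]] = int(rest[3])  # overrides the default
    return report

def findings(report):
    """Return the gaps a reviewer would follow up on."""
    out = [] if report["root_password"] else ["root password not set"]
    out += [f"user {u} has no authentication method"
            for u, d in sorted(report["users"].items()) if not d["auth"]]
    out += [f"tacplus-server {s} has no shared secret"
            for s, d in sorted(report["tacplus"].items()) if not d["secret"]]
    return out

if __name__ == "__main__":
    print(*findings(audit(SAMPLE)), sep="\n")
```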
Copyright © 2017, Juniper Networks, Inc.
Chapter 3: Management