Juniper Networks J-Series Network Router User Manual


 
password that the JUNOS software encrypts using MD5-style encryption before
entering it in the password database. If you configure the plain-text-password
option, you are prompted to enter and confirm the password.
Login Classes
All users who log into the Services Router must be in a login class. You can define
any number of login classes. With login classes, you define the following:
Access privileges users have when they are logged into the router. For more
information, see Permission Bits on page 5.
Commands and statements that users can and cannot specify. For more
information, see Denying or Allowing Individual Commands on page 7.
How long a login session can be idle before it times out and the user is logged
off.
You then apply one login class to an individual user account. The software contains
a few predefined login classes, which are listed in Table 6 on page 5. The predefined
login classes cannot be modified.
Table 6: Predefined Login Classes
Permission Bits SetLogin Class
clear, network, reset, trace, viewoperator
viewread-only
allsuper-user and superuser
None
unauthorized
Permission Bits
Each top-level command-line interface (CLI) command and each configuration
statement has an access privilege level associated with it. Users can execute only
those commands and configure and view only those statements for which they have
access privileges. The access privileges for each login class are defined by one or
more permission bits (see Table 7 on page 6).
Two forms for the permissions control the individual parts of the configuration:
"Plain" formProvides read-only capability for that permission type. An example
is interface.
Form that ends in -controlProvides read and write capability for that permission
type. An example is interface-control.
User Authentication Overview 5
Chapter 1: Managing User Authentication and Access