Special Requirements for Junos OS Plain-Text Passwords

Junos OS has special requirements when you create plain-text passwords on a router or switch. Table 1 shows the default requirements.

Table 1: Special Requirements for Plain-Text Passwords

| Junos OS | Junos-FIPS |
|---|---|
| The password must be between 6 and 128 characters long. | FIPS passwords must be between 10 and 20 characters long. |
| You can include most character classes in a password (uppercase letters, lowercase letters, numbers, punctuation marks, and other special characters). Control characters are not recommended. | You can include most character classes in a password (uppercase letters, lowercase letters, numbers, punctuation marks, and other special characters). Control characters are not recommended. |
| Valid passwords must contain at least one change of case or character class. | Passwords must use at least three of the five defined character classes (uppercase letters, lowercase letters, numbers, punctuation marks, and other special characters). |

You can change the requirements for plain-text passwords.

Junos OS supports the following five character classes for plain-text passwords:

  • Lowercase letters
  • Uppercase letters
  • Numbers
  • Punctuation
  • Special characters: ! @ # $ % ^ & * , + < > : ;

Control characters are not recommended.

You can include the plain-text-password statement at the following hierarchy levels:

  • [edit system diag-port-authentication]
  • [edit system pic-console-authentication]
  • [edit system root-authentication]
  • [edit system login user username authentication]

    The change-type statement specifies whether the password is checked for the following:

    • The total number of character sets used (character-sets)
    • The total number of character set changes (set-transitions)

    For example, the following password:

    MyPassWd@2

    has four character sets (uppercase letters, lowercase letters, special characters, and numbers) and seven character set changes (My, yP, Pa, sW, Wd, d@, and @2).

    The change-type statement is optional. If you omit the change-type option, Junos-FIPS plain-text passwords are checked for character sets, and Junos OS plain-text passwords are checked for character set changes.

    The minimum-changes statement specifies how many character sets or character set changes are required for the password. This statement is optional. If you do not use the minimum-changes statement, character sets are not checked for Junos OS. If the change-type statement is configured for the character-sets option, then the minimum-changes value must be 5 or less, because Junos OS only supports five character sets.

    The format statement specifies the hash algorithm (md5, sha1 or des) for authenticating plain-text passwords. This statement is optional. For Junos OS, the default format is md5. For Junos-FIPS, only sha1 is supported.

    The maximum-length statement specifies the maximum number of characters allowed in a password. This statement is optional. By default, Junos OS passwords have no maximum; however, only the first 128 characters are significant. Junos-FIPS passwords must be 20 characters or less. The range for Junos OS maximum-length passwords is from 20 to 128 characters.

    The minimum-length statement specifies the minimum number of characters required for a password. This statement is optional. By default, Junos OS passwords must be at least 6 characters long, and Junos-FIPS passwords must be at least 10 characters long. The range is from 6 to 20 characters.

    Changes to password requirements do not take effect until the configuration is committed. When requirements change, only newly created, plain-text passwords are checked; existing passwords are not checked against the new requirements.
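As an added illustration (not Juniper's code), the following Python sketch counts character sets and set transitions the way the MyPassWd@2 example above describes, then applies change-type, minimum-changes, minimum-length and maximum-length to a candidate password. The function names, the choice to let the listed special characters take precedence over ordinary punctuation, and the handling of characters outside the five classes are assumptions.

```python
import string

# Special characters as listed on this page. Checked first (an assumption),
# because several of them (! , : ;) are also ordinary punctuation marks.
SPECIAL = set("!@#$%^&*,+<>:;")

def char_class(ch):
    """Map one character to one of the five classes named on the page."""
    if ch in SPECIAL:
        return "special"
    if ch in string.ascii_lowercase:
        return "lowercase"
    if ch in string.ascii_uppercase:
        return "uppercase"
    if ch in string.digits:
        return "number"
    if ch in string.punctuation:
        return "punctuation"
    return "other"  # spaces, control characters, non-ASCII: in none of the five

def analyze(password):
    """Return (set of character classes used, number of set transitions)."""
    classes = [char_class(c) for c in password]
    sets_used = set(classes) - {"other"}
    # A transition is any adjacent pair whose classes differ (My, yP, Pa, ...).
    transitions = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return sets_used, transitions

def check(password, change_type, minimum_changes, minimum_length, maximum_length=None):
    """Return a list of violations; an empty list means the password passes."""
    if change_type not in ("character-sets", "set-transitions"):
        raise ValueError("unknown change-type: %r" % change_type)
    problems = []
    if len(password) < minimum_length:
        problems.append("shorter than minimum-length %d" % minimum_length)
    if maximum_length is not None and len(password) > maximum_length:
        problems.append("longer than maximum-length %d" % maximum_length)
    sets_used, transitions = analyze(password)
    count = len(sets_used) if change_type == "character-sets" else transitions
    if count < minimum_changes:
        problems.append("%s count %d below minimum-changes %d"
                        % (change_type, count, minimum_changes))
    return problems

if __name__ == "__main__":
    # The page's example password, checked against constructed policy values.
    print(analyze("MyPassWd@2"))
    print(check("MyPassWd@2", "set-transitions", 3, 10, 20))
```

Running such a check against candidate passwords before committing a stricter policy shows which ones the new settings would reject, which matters because existing passwords are not rechecked.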

    The default configuration for Junos OS plain-text passwords is:

    [edit system login]
    passwords {
        change-type character-sets;
        format md5;
        minimum-changes 1;
        minimum-length 6;
    }

    The default configuration for Junos-FIPS plain-text passwords is:

    [edit system login]
    passwords {
        change-type set-transitions;
        format sha1;
        maximum-length 20;
        minimum-changes 3;
        minimum-length 10;
    }

Published: 2013-08-15