Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Understanding User Accounts

User accounts provide one way for users to access the device. Users can access the device without accounts if you configured RADIUS or TACACS+ servers. After you have created an account, the device creates a home directory for the user. An account for the user root is always present in the configuration. The root account provides full administrative access to your device with complete control over its configuration and operation. The root account is often referred to as the superuser. In new devices, the root account has no password. You must add a password to the root account before you can commit any configuration.

• Username—Name that identifies the user. It must be unique within the device. Do not include spaces, control characters, colons, or commas in the username.
• User's full name—If the full name contains spaces, enclose it in quotation marks (“ ”). Do not include colons or commas.
• User identifier (UID)—Numeric identifier that is associated with the user account name. The identifier range is from 100 through 64,000 and must be unique within the device. If you do not assign a UID to a username, the software assigns one when you commit the configuration, preferring the lowest available number.
• User's access privilege—You can create login classes with specific permission bits or use one of the predefined classes.
• Authentication method or methods and passwords that the user can use to access the device—You can use SSH or an MD5 password, or you can enter a plain-text password that Junos OS encrypts using MD5-style encryption before entering it in the password database. If you configure a plain-text-password, you are prompted to enter and confirm the password.

  The stronger you make the password, the harder it is for others to discover it and use it to break into the account. Junos OS helps to enforce the use of strong passwords. For example, password requirements are as follows:

  • Be a minimum length of 6 characters.
  • Contain at least one change of case or character class.
  • Use at least three of the five defined character classes (uppercase letters, lowercase letters, numbers, punctuation marks, and other special characters).

  Best Practice: Increase the length of the password and the minimum number of case, digit, and punctuation changes to set up safer passwords. An example of a good password would be: t3aMX*u7rS. In addition to the root user, it is highly recommended that you create at least one other local user. You can log in as this user when you need to perform administration or maintenance tasks on the device.

Note: Junos-FIPS software has special password requirements. FIPS passwords must be between 10 and 20 characters in length. Passwords must use at least three of the five defined character sets (uppercase letters, lowercase letters, digits, punctuation marks, and other special characters). If Junos-FIPS is installed on the router or switch, you cannot configure passwords unless they meet this standard.