

Configuring User Accounts

User accounts provide one way for users to access the system. For each account, you define the login name for the user, properties for the user account, and authentication information. After you create an account, the software creates a home directory for the user when the user logs in to the system for the first time.

Each user has a home directory on the C-series platform, which is created the first time that the user logs in. Home directories that have the same name as the user ID are created in the /var/home directory; for example, the home directory for a user with the user ID Chris_Bee is /var/home/Chris_Bee.

Configuration Statements for User Accounts

Use the following configuration statements to configure user accounts at the [edit] hierarchy level.

system login user user-name {
    class class; 
    full-name full-name;
    uid uid; 
    prompt prompt;
    level (basic | normal | advanced | expert);
    complete-on-space (on | off);
}

system login user user-name authentication {
    plain-text-password;
    encrypted-password "password";
    ssh-authorized-keys [ssh-authorized-keys ...];
}

For detailed information about each configuration statement, see the SRC-PE CLI Command Reference.

Configuring a User Account

To configure a user account:

  1. From configuration mode, access the configuration statement that configures a user account, and specify a username that identifies the user.

    [edit]
    user@host# edit system login user user-name

The username must be unique within the system. Do not include spaces, colons, or commas in the username. For example:

[edit]
user@host# edit system login user JASmith

[edit system login user JASmith]
user@host#

  2. Specify the name of the login class that defines the user's access privilege.

    [edit system login user user-name]
    user@host# set class class

The login class is one of the login classes that you defined in the class statement at the [edit system login] hierarchy level, or one of the default classes listed in Table 7 on page 64.

  3. Specify the user's full name.

    [edit system login user user-name]
    user@host# set full-name full-name

If the full name contains spaces, enclose it in quotation marks. Do not include colons or commas. For example:

[edit system login user JASmith]
user@host# set full-name "John A. Smith"

  4. (Optional) Specify a user identifier (UID) for the user.

    [edit system login user user-name]
    user@host# set uid uid

The identifier must be a number in the range 0 through 64,000 and must be unique within the system. If you do not assign a UID to a username, the software assigns one when you commit the configuration, preferring the lowest available number.

Ensuring that the UID is unique is up to you, because it is possible to assign the same UID to different users.

  5. (Optional) Specify a prompt that the user sees at the SRC CLI.

    [edit system login user user-name]
    user@host# set prompt prompt

  6. (Optional) Specify the editing level available to the user. The level determines which configuration commands are visible to the user.

    [edit system login user user-name]
    user@host# set level (basic | normal | advanced | expert)

where:

  7. (Optional) Specify whether entering a space completes a command.

    [edit system login user user-name]
    user@host# set complete-on-space (on | off)

If you do not enter a value, complete-on-space is enabled by default.

  8. Define the authentication methods that a user can use to log in to a C-series platform.

See Configuring Authentication for User Accounts.

  9. Display the results of the configuration.

    [edit system login]
    user@host# show
    . . .
    user JASmith {
      class network-mgmt;
      full-name "John A. Smith";
      uid 507;
      gid 100;
      authentication {
        encrypted-password "{crypt}caZEWDaE1au0c";
      }
      level normal;
      complete-on-space on;
    }
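
Because it is possible to assign the same UID to different users, saved `show` output can be checked offline for the username and UID rules given in the procedure. The following Python script is an added example, not part of the SRC software or its documentation; the sample configuration is constructed, and `parse_users` and `audit` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the `show` output; not a real configuration.
SAMPLE = """
user JASmith {
  class network-mgmt;
  uid 507;
}
user ops,night {
  class operator;
  uid 507;
}
user backup {
  class read-only;
  uid 70000;
}
"""

USER_RE = re.compile(r"\buser\s+(.+?)\s*\{\s*$")
UID_RE = re.compile(r"^\s*uid\s+(\d+)\s*;")

def parse_users(text):
    """Map each username to its configured UID (None if no uid statement)."""
    users, current = {}, None
    for line in text.splitlines():
        if m := USER_RE.search(line):
            current = m.group(1)
            users[current] = None
        elif current and (m := UID_RE.match(line)):
            users[current] = int(m.group(1))
    return users

def audit(text):
    """Return findings for the username and UID rules stated in the procedure."""
    findings, by_uid = [], defaultdict(list)
    for name, uid in parse_users(text).items():
        if re.search(r"[ :,]", name):
            findings.append(f"{name}: username contains a space, colon, or comma")
        if uid is not None:
            by_uid[uid].append(name)
            if not 0 <= uid <= 64000:
                findings.append(f"{name}: uid {uid} is outside 0 through 64,000")
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:
            findings.append(f"uid {uid} is shared by {', '.join(names)}")
    return findings
```

Users without a `uid` statement are skipped by the UID checks, since the software assigns their UID at commit time.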
    
    
    

Configuring Authentication for User Accounts

You can configure the following types of authentication for user accounts:

If you configure a plain text password, you are prompted to enter and confirm the password.

Configuring a Plain Text Password

To configure a plain text password for a user account:

Configuring SSH Authentication

Before you configure SSH authentication, obtain the contents of the SSH key files. You can copy the contents of an SSH key file into a CLI session:

  1. On a management machine such as a PC or personal workstation, create an ssh-rsa key:

    > ssh-keygen
    (provide input)
    > cat ~/.ssh/id_rsa.pub

  2. On the C-series platform, enter the set system login user testuser authentication ssh-authorized-key command, and paste in the SSH key:

    user@host# set system login user testuser authentication ssh-authorized-key "pasted content of id_rsa.pub"

For example:

user@host# set system login user testuser authentication 
ssh-authorized-key "ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAIEAvSqAWNdMTQJS9eqG1eq
RANI3ML4hH+u7WX/HP0W82gDSPpjghnt1e5de3D8UkuIIEUBf1obgy/7AK
c98FqAIvVp5onCiMg8ELD6
RYkgOgo7U6zERB25qy3sK1Rn9NzrB20qLzbvAcZW1NIePmf1R99d/Rge7k
B/5k6fq3NOG0fc= id@server" "ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAIEAxlwe9HfZ78vbdfq1+AY0uCF79yGPxgGu
w
GZd9QVdT+dniwGh/4HwLITvKd8SYrhmJsyhz5dWuZm94JSwQosm9BVhJw
REt39NYIkLWOjGIMkk8Cxw4
TkpFfeIz1cSbeFxtFBFVaBbo4YkEv5ItbuxwvbTWURkvsQa2VJXAqIs7z8= 
id2@server2
eriand" "ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAIEAwwOoUD4m+SazgzF2kRIq5Y2+Ix2zQb
CxqBS
D1rmW92eLPOQIBv/sEy2d8UNeHpoKot9Px8q9ABriOyONc7vqNsSVnAMyi
cQB786uHoabSErVIYscapT
YvIGg+olbdhKySbSxOoXMehhgoQS0JZxHCbxsQJip7/7vJPCjRGU8Xq0= 
id@server3" ];
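
A key that picks up line breaks or loses characters when it is pasted into a CLI session no longer decodes, so it is worth validating the contents of id_rsa.pub on the management machine first. The following Python script is an added example, not part of the SRC software; it parses a public-key line, confirms that the encoded key type matches the prefix, and reports the RSA modulus size. `MIN_RSA_BITS` is an assumed local policy value, all function names are hypothetical, and `make_rsa_line` builds a constructed, non-functional key for demonstration only.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed local policy threshold; not a value from the page

def _read_field(blob, off):
    """Read one field: 4-byte big-endian length, then that many bytes."""
    end = off + 4
    if end > len(blob):
        raise ValueError("truncated key blob")
    end += struct.unpack(">I", blob[off:off + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def check_public_key(line):
    """Parse 'type base64 [comment]'; return (type, rsa_bits_or_None, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected 'key-type base64-data [comment]'")
    ktype, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) > 2 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"key data is not valid base64: {exc}") from None
    inner, off = _read_field(blob, 0)
    if inner != ktype.encode():
        raise ValueError("key-type prefix does not match the encoded key")
    bits = None
    if ktype == "ssh-rsa":
        _exponent, off = _read_field(blob, off)
        modulus, off = _read_field(blob, off)
        if off != len(blob):
            raise ValueError("unexpected trailing data in key blob")
        bits = int.from_bytes(modulus, "big").bit_length()
    return ktype, bits, comment

def is_weak_rsa(bits):
    """True when an RSA modulus is shorter than the assumed policy minimum."""
    return bits is not None and bits < MIN_RSA_BITS

def make_rsa_line(bits, comment):
    """Build a constructed, non-functional ssh-rsa line for the demo."""
    field = lambda b: struct.pack(">I", len(b)) + b
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = field(b"ssh-rsa") + field(b"\x23") + field(modulus)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"
```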

Changing the root Password

An account for the user root is always present in the configuration. Only the root user can change the root password.

To change the root password:

  1. Log in to the SRC software as root.
  2. From operational mode, change the root password.

    root@host> set cli password
    Changing password for user root.
    New UNIX password:

You can also create a regular account for root and set the SSH key there. The class for root is always super-user—if you create an account for root, the class is ignored.

Example: User Accounts

The following example shows the configuration for user accounts for three system users and the template user "remote." All users use one of the default system login classes.

system login user philip {
    class super-user; 
    full-name "Philip of Macedonia"; 
    uid 1001;
    authentication {
        encrypted-password "{crypt}6YPqJe88Wz5fQ";
ssh-authorized-keys [ "ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAIEAvSqAWNdMTQJS9eqG1eq
RANI3ML4hH+u7WX/HP0W82gDSPpjghnt1e5de3D8UkuIIEUBf1obgy/7AK
c98FqAIvVp5onCiMg8ELD6
RYkgOgo7U6zERB25qy3sK1Rn9NzrB20qLzbvAcZW1NIePmf1R99d/Rge7k
B/5k6fq3NOG0fc= id@server" "ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAIEAxlwe9HfZ78vbdfq1+AY0uCF79yGPxgGu
w
GZd9QVdT+dniwGh/4HwLITvKd8SYrhmJsyhz5dWuZm94JSwQosm9BVhJw
REt39NYIkLWOjGIMkk8Cxw4
TkpFfeIz1cSbeFxtFBFVaBbo4YkEv5ItbuxwvbTWURkvsQa2VJXAqIs7z8= 
id2@server2
eriand" "ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAIEAwwOoUD4m+SazgzF2kRIq5Y2+Ix2zQb
CxqBS
D1rmW92eLPOQIBv/sEy2d8UNeHpoKot9Px8q9ABriOyONc7vqNsSVnAMyi
cQB786uHoabSErVIYscapT
YvIGg+olbdhKySbSxOoXMehhgoQS0JZxHCbxsQJip7/7vJPCjRGU8Xq0= 
id@server3" ];
    }
}

system login {
    user alexander {
        full-name "Alexander the Great";
        uid 1002;
        class view;
        authentication {
            encrypted-password "{crypt}6ZSqJe75Tz5fN";
        ssh-authorized-keys [ "ssh-rsa 
        AAAAB3NzaC1yc2EAAAABIwAAAIEAvSqAWNdMTQJS9eqG1eq
        RANI3ML4hH+u7WX/HP0W82gDSPpjghnt1e5de3D8UkuIIEUBf1obgy
        /7AKc98FqAIvVp5onCiMg8ELD6
        RYkgOgo7U6zERB25qy3sK1Rn9NzrB20qLzbvAcZW1NIePmf1R99d
        /Rge7kB/5k6fq3NOG0fc= id@server" "ssh-rsa 
        AAAAB3NzaC1yc2EAAAABIwAAAIEAxlwe9HfZ78vbdfq1+AY0uCF79y
        GPxgGuw
        GZd9QVdT+dniwGh/4HwLITvKd8SYrhmJsyhz5dWuZm94JSwQosm9
        BVhJwREt39NYIkLWOjGIMkk8Cxw4
        TkpFfeIz1cSbeFxtFBFVaBbo4YkEv5ItbuxwvbTWURkvsQa2VJXA
        qIs7z8= id2@server2
        eriand" "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwwOoUD4m+Sazgz
        F2kRIq5Y2+Ix2zQbCxqBS
        D1rmW92eLPOQIBv/sEy2d8UNeHpoKot9Px8q9ABriOyONc7vqNsS
        VnAMyicQB786uHoabSErVIYscapT
        YvIGg+olbdhKySbSxOoXMehhgoQS0JZxHCbxsQJip7/7vJPCjRGU
        8Xq0= id@server3" ];
        }
    }
    user darius {
        full-name "Darius King of Persia";
        uid 1003;
        class operator;
        authentication {
            ssh "1024 37 12341234@ecbatana.per";
        }
    }
    user remote {
        full-name "All remote users";
        uid 9999;
        class read-only;
    }
}

