J-series™ Services Router User Guide
System Management Overview
This section contains the following topics:
System Authentication
The JUNOS software supports three methods of user authentication: local password
authentication, Remote Authentication Dial-In User Service (RADIUS), and
Terminal Access Controller Access Control System Plus (TACACS+).
With local password authentication, you configure a password for each
user allowed to log into the Services Router.
RADIUS and TACACS+ are authentication methods for validating users who
attempt to access the router using telnet. Both are distributed client/server
systems—the RADIUS and TACACS+ clients run on the router, and the
server runs on a remote network system.
You can configure the router to use RADIUS or TACACS+ authentication, or both, to
validate users who attempt to access the router. If you set up both authentication
methods, you also can configure which the router will try first.
User Accounts
User accounts provide one way for users to access the Services Router. Users can
access the router without accounts if you configured RADIUS or TACACS+ servers,
as described in "Managing Users with Quick Configuration" on page 169 and
"Managing Users and Files with a Configuration Editor" on page 182. After you have
created an account, the router creates a home directory for the user. An account
for the user root is always present in the configuration. For information about
configuring the password for the user root, see "Establishing Basic Connectivity"
on page 47. For each user account, you can define the following:
164
System Management Overview
System Authentication on page 164
User Accounts on page 164
Login Classes on page 165
Template Accounts on page 167
System Log Files on page 168
Username—Name that identifies the user. It must be unique within the router.
Do not include spaces, colons, or commas in the username.
User's full name—If the full name contains spaces, enclose it in quotation
marks (" "). Do not include colons or commas.
User identifier (UID)—Numeric identifier that is associated with the user
account name. The identifier must be in the range 100 through 64000 and