Table of Contents
Advertisement
Media Flow Controller Configuration Tasks (CLI)
the public key of the receiver to encrypt the message and the receiver uses it's private key
to decrypt the message.
•
DES—Data Encryption Standard. This standard is older than AES-128 and considered
less secure than AES-128 but still supported for legacy systems using it. Generates 56
bits encryption key. DES is a symmetric encryption algorithm which means that you use
the same key to encrypt and decrypt the message.
User Account Defaults and States
The system comes initially with three accounts already created:
•
admin—Full privileges to do anything on the system.
•
juniper_probe_ftpuser—The auto-created user for CMC probes.
•
cmcrendv—Default CMC user.
•
monitor—Privileges to read almost everything on the system, and perform some actions,
but cannot modify configurations.
These accounts are both enabled, and by default have no password required for login (except
cmcrendv, a new account/capability not fully supported in Release 2.0.4)
There are five states an account may be in:
•
"Account disabled" (not listed in /etc/passwd). The admin account cannot be disabled.
username foo disable
•
"Local password login disabled" (hashed password set to "*"). There is no locally-
configured password to permit the user to log in. The user may still log in using an SSH
authorized key if one is installed, or remote authentication (for example, RADIUS or
TACACS+). The admin account may not be in this state unless it has an SSH authorized
key installed.
username foo disable password
•
"All password login disabled" (hashed password set to "!!"). No CLI command for this; the
hashed password must be set to "!!". Same as "Local password login disabled" except that
the user cannot be remotely authenticated (for example, by a RADIUS or TACACS+
server). The user may still log in using an SSH authorized key if one is installed. The
admin account may not be in this state unless it has an SSH authorized key installed.
•
"Local password set". The user can log in by typing the password whose hashed version
we have stored. This is not necessary if an SSH authorized key is installed, or if a remote
auth server comes earlier in the authentication order.
username foo password mypassword
•
"No password required for login" (hashed password set to ""). Anyone can log into this
account without providing authentication. The admin and monitor accounts begin in this
state (unless overridden by configured defaults), but should be changed for better
security.
username foo nopassword
68
Authentication / Authorization and Users Options
Media Flow Controller Administrator's Guide
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Chapters
Table of Contents
Troubleshooting
