Switching

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  Login Disclaimer

    Posted 03-16-2011 10:51
    Does anyone know how to add a disclaimer to the login pages of the web interface and CLI? I am pokeing around under system access profile Am I hot or cold and is it possible?
    #disclaimer
    #login


  • 2.  RE: Login Disclaimer
    Best Answer

    Posted 03-16-2011 12:59


  • 3.  RE: Login Disclaimer

     
    Posted 03-24-2011 21:54

    There's an example of this somewhere (since their 'will it blend' operation on their website, i can't locate it).

     

    It, however, was for a 'agree or be logged off' prompt display upon login, not prior to login.  Also, the method used in the referenced case will probably be overwritten during an upgrade, whereas using a login-script will be maintained across upgrades.

    Here's my config:

     

     

    root#> show configuration system login 
    class data-admins {
        idle-timeout 15;
        login-script login-script.slax;    #### here's the script
        permissions all;
        }
    user admin-template {
        full-name "template for RADIUS auth";
        uid 1999;
        class data-admins;
        }
    }

     and here's the login-script.slax (which is stored on the switch at /config/db/scripts/op/login-script.slax

     

    version 1.15;
    ns junos = "http://xml.juniper.net/junos/*/junos";
    ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
    ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
    import "../import/junos.xsl";
    match / {
            var $banner = '
    * ****************************************************************************
    *  Acme Corp - Authorized Access Only
    *  This system is for the authorized use of employees of Acme.
    #  All access is logged and/or monitored.
    * ****************************************************************************
    ';
            <op-script-results> {
                    if ($user != "netconf") {
                            expr jcs:output($banner);
                            var $response = {
                                    call get-response();
                            }; /* var $response = { */
                            if ($response == "no") {
                                    var $userinfo = <get-system-users-information> ;
                                    var $response2 = jcs:invoke($userinfo);
                                    var $usertable = $response2/uptime-information/user-table/user-entry;
                                    for-each ($usertable) {
                                            var $tty = ./tty;
                                            var $command = ./command;
                                            if ($command == "-cli (cli)") {
                                                    var $terminateuser = <command> "request system logout terminal " _ $tty;
                                                    expr jcs:invoke($terminateuser);
                                            }
                                            /* if ($command == "-cli (cli)") { */
                                    }
                                    /* for-each ($status) { */
                            }
                            /* if ($response == "no") { */
                    }
                    /* if ($user != "netconf") { */
            }
            /* <op-script-results> { */
    }
    /* match / { */
    
    template get-response() {
            var $newline = jcs:printf("\n");
            expr jcs:output($newline);
            var $res = jcs:input("Consent to monitoring and continue? (yes/no) ");
            if ($res !=  "yes" && $res != "no") {
                    call get-response();
            } else {
                    expr $res;
            }
            /* if ($res !=  "yes" && $res != "no") { */
    }
    /* template get-response() { */

     Just beware that if you are logged in, and you log in a 2nd time and say no to the consent and continue prompt, BOTH of your sessions will be disconnected.

    If the author (someone at Juniper) has updated it, I haven't seen it (see my comment above)