Junos OS

Expand all | Collapse all

What permissions does a class need to change the root-authentication password?

Jump to Best Answer
  • 1.  What permissions does a class need to change the root-authentication password?

    Posted 07-17-2017 13:51

    Hi All,

     

    I have referenced the following page (https://www.juniper.net/documentation/en_US/junos/topics/concept/access-privileges-levels-overview.html) in an effort to create a user solely for the purpose of rotating the root user's password every week. I have configured the user with secret-control permissions (failed) and admin-control permissions (failed). Does only the root user have the permission to change the root-authentication password?

     

    Thanks in advance.

     

    Thomas


    #secret-control
    #password
    #changepassword
    #user
    #authentication
    #admin-control
    #JUNOS
    #root
    #Permissions


  • 2.  RE: What permissions does a class need to change the root-authentication password?
    Best Answer

    Posted 07-18-2017 08:05

    Hi,

     

    You need a super-user  to change the root password. The "secret-control" does say that it can change password but it cannot change the root password.

    >set system login user test class super-user

     

    As per the Juniper document:

     

    access to the root directory is restricted by default to a predefined user account known as root user. The root user (also referred to as superuser) has unrestricted access and full permissions within the system. The expression “log in as root” is commonly used when an action requires you to log into the device as the root user.

     

    http://www.juniper.net/documentation/en_US/junos12.3/topics/task/configuration/authentication-root-password-configuring.html

     

     

    Regards,

    Rahul

     

    Please mark my solution as accepted if it helped.



  • 3.  RE: What permissions does a class need to change the root-authentication password?

    Posted 07-19-2017 10:10

    Thanks Rahul.