Junos
Showing results for 
Search instead for 
Do you mean 
Reply
Visitor
Posts: 4
Registered: ‎04-19-2017
0 Kudos
Accepted Solution

What permissions does a class need to change the root-authentication password?

Hi All,

 

I have referenced the following page (https://www.juniper.net/documentation/en_US/junos/topics/concept/access-privileges-levels-overview.h...) in an effort to create a user solely for the purpose of rotating the root user's password every week. I have configured the user with secret-control permissions (failed) and admin-control permissions (failed). Does only the root user have the permission to change the root-authentication password?

 

Thanks in advance.

 

Thomas

Super Contributor
Posts: 65
Registered: ‎06-21-2017
0 Kudos

Re: What permissions does a class need to change the root-authentication password?

Hi,

 

You need a super-user  to change the root password. The "secret-control" does say that it can change password but it cannot change the root password.

>set system login user test class super-user

 

As per the Juniper document:

 

access to the root directory is restricted by default to a predefined user account known as root user. The root user (also referred to as superuser) has unrestricted access and full permissions within the system. The expression “log in as root” is commonly used when an action requires you to log into the device as the root user.

 

http://www.juniper.net/documentation/en_US/junos12.3/topics/task/configuration/authentication-root-p...

 

 

Regards,

Rahul

 

Please mark my solution as accepted if it helped.

Highlighted
Visitor
Posts: 4
Registered: ‎04-19-2017
0 Kudos

Re: What permissions does a class need to change the root-authentication password?

Thanks Rahul.