Junos
Highlighted
Junos

What permissions does a class need to change the root-authentication password?

07.17.17   |  
‎07-17-2017 01:51 PM

Hi All,

 

I have referenced the following page (https://www.juniper.net/documentation/en_US/junos/topics/concept/access-privileges-levels-overview.h...) in an effort to create a user solely for the purpose of rotating the root user's password every week. I have configured the user with secret-control permissions (failed) and admin-control permissions (failed). Does only the root user have the permission to change the root-authentication password?

 

Thanks in advance.

 

Thomas

2 REPLIES
Junos

Re: What permissions does a class need to change the root-authentication password?

07.18.17   |  
‎07-18-2017 08:04 AM

Hi,

 

You need a super-user  to change the root password. The "secret-control" does say that it can change password but it cannot change the root password.

>set system login user test class super-user

 

As per the Juniper document:

 

access to the root directory is restricted by default to a predefined user account known as root user. The root user (also referred to as superuser) has unrestricted access and full permissions within the system. The expression “log in as root” is commonly used when an action requires you to log into the device as the root user.

 

http://www.juniper.net/documentation/en_US/junos12.3/topics/task/configuration/authentication-root-p...

 

 

Regards,

Rahul

 

Please mark my solution as accepted if it helped.

Junos

Re: What permissions does a class need to change the root-authentication password?

07.19.17   |  
‎07-19-2017 10:09 AM

Thanks Rahul.