Junos OS

Hi,

On our company's SRX firwall, I want to create a USER who can only...

 logs in, change passwords of other users and save / commit it - that's all

USER should not be allowed to run any other commands.

Can someone please send me command line of how can i achieve it.

Or

we manage our FW through NSM, can I do via NSM ? If yes then want to know steps

Thanks a lot.

You will need to create the login class with your desired restrictions for this.

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/access-privileges-configuration-mode-commands-specifying-qfx-series.html

Once you know the commands you want on the device.  In NSM you edit the SRX and navigate to the appropriate hierarchy:  system > login then add the login class restrictions and push it to the device.

Hi - thanks for your reply. I want to know the command for changing user accounts passwords ?

Thanks.

The password is set using authentication plain-text-password

Example for a user:  nocuser

root@none# show system login                                                   
user admin {
    uid 2000;
    class super-user;
    authentication {
        encrypted-password "$1$AfzYvY./$J5ITta.ellfOXC70tzq.L/"; ## SECRET-DATA
    }
}
user nocuser {
    class operator;
    authentication {
        encrypted-password "$1$Ij.hVU.i$cGmnJrVK7GWbwDeRXLalZ."; ## SECRET-DATA
    }
}

[edit]
root@none# set system login user nocuser authentication plain-text-password