Special Requirements for JUNOS Software Plain-Text Passwords

The JUNOS Software has special requirements when you create plain-text passwords on a router or switch. Table 5 shows the default requirements.

Table 5: Special Requirements for Plain-Text Passwords

You can change the requirements for plain-text passwords.

JUNOS Software supports the following five character classes for plain-text passwords:

• Lowercase letters
• Uppercase letters
• Numbers
• Punctuation
• Special characters: ! @ # $ % ^ & * , +< > : ;

Control characters are not recommended.

You can include the plain-text-password statement at the following hierarchy levels:

• [edit system diag-port-authentication]
• [edit system pic-console-authentication]
• [edit system root-authentication]
• [edit system login userusername authentication]

  The change-type statement specifies whether the password is checked for the following:

  • The total number of character sets used (character-set)
  • The total number of character set changes (set-transitions)

  For example, the following password:

  MyPassWd@2

  has four character sets (uppercase letters, lowercase letters, special characters, and numbers) and seven character set changes (M–y, y–P, P–a, s–W, W–d, d–@, and @–2).

  The change-type statement is optional. If change-type is omitted, JUNOS-FIPS plain-text passwords are checked for character sets and JUNOS plain-text passwords are checked for character set changes.

  The minimum-changes statement specifies how many character sets or character set changes are required for the password. This statement is optional. If minimum-changes is not specified, character sets are not checked for JUNOS Software. If the change-type statement is configured for character-set, then minimum-changes must be 5 or less, because the JUNOS Software only supports five character sets.

  The format statement specifies the hash algorithm (md5, sha1 or des) for authenticating plain-text passwords. This statement is optional. For JUNOS Software, the default format is md5. For JUNOS-FIPS, only sha1 is supported.

  The maximum-length statement specifies the maximum number of characters allowed in a password. This statement is optional. By default JUNOS passwords have no maximum; however, only the first 128 characters are significant. JUNOS-FIPS passwords must be 20 characters or less. The range for JUNOS Software maximum-length passwords is from 20 to 128 characters.

  The minimum-length statement specifies the minimum number of characters required for a password. This statement is optional. By default JUNOS passwords must be at least 6 characters long, and JUNOS-FIPS passwords must be at least 10 characters long. The range is from 6 to 20 characters.

  Changes to password requirements do not take effect until the configuration is committed. When requirements change, only newly created, plain-text passwords are checked; existing passwords are not checked against the new requirements.

  The default configuration for JUNOS plain-text passwords is:

  [edit system login]

  passwords {

  change-type character-sets;

  format md5;

  minimum-changes 1;

  minimum-length 6;

  }

  The default configuration for JUNOS-FIPS plain-text passwords is:

  [edit system login]

  passwords {

  change-type set-transitions;

  format sha1;

  maximum-length 20;

  minimum-changes 3;

  minimum-length 10;

  }

Related Topics

• Changing the Requirements for JUNOS Software Plain-Text Passwords
• Configuring the Root Password