Managing MS-CHAPv2 for password-change support
JUNOS enables you to configure Microsoft's implementation of the Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) on the switch for password-change support. This provides users accessing a switch the option of changing the password when the password expires, is reset, or is configured to be changed at next logon.
This section contains the following:
Configuring MS-CHAPv2 for password-change support
Before you configure MS-CHAPv2 for password-change support, ensure that you have configured the following:
- RADIUS server authentication.
- Set the first tried option in the authentication order to RADIUS server.
To configure MS-CHAP-v2, include the following statements at the [edit system radius-options] hierarchy level
- [edit system radius-options]
- password-protocol mschap-v2;
Example: Configuring MS-CHAPv2 on the Switch
The following example shows statements for configuring the MS-CHAPv2 password protocol, password authentication order, and user accounts.
- [edit]
- system {
- [ radius password ];
-
- {
- 192.168.69.149 secret "$9$G-j.5Qz6tpBk.1hrlXxUjiq5Qn/C";
## SECRET-DATA
- }
-
- radius-options {
- password-protocol mschap-v2;
- }
-
- login {
-
- user bob {
- class operator;
- }
- }
- }
