Remote Template Accounts

By default, the JUNOS software uses the remote template accounts when:

• The authenticated user does not exist locally on the router
• The authenticated user's record in the authentication server specifies local user, or the specified local user does not exist locally on the router

To configure the remote template account, include the username remote and specify the privileges you want to provide to these remote users at the [edit system login user] hierarchy level:

[edit]

system {

    login {

        user remote {

            full-name "All remote users";

            uid uid-value;

            class class-name;

        }

    }

}

To configure different access privileges for users who share the remote template account, include the allow-commands and deny-commands commands in the authentication server configuration file. For information about how to define access privileges on the authentication server, see Configure Juniper Networks-Specific RADIUS Attributes and Configure Juniper Networks-Specific TACACS+ Attributes.

For information about creating user accounts, see Configure User Accounts. For an example of how to configure a template account, see Examples: Configure System Authentication.