Configure the Authentication Order
If you configure the router to be both a RADIUS and TACACS+ client (by including the
radius-serverandtacplus-serverstatements), you can prioritize the methods to configure the order in which the software tries the different authentication methods when verifying that a user can access the router. For each login attempt, the JUNOS software tries the authentication methods in order, starting with the first one, until the password matches.To configure the authentication order, include the
authentication-orderstatement at the[edit system]hierarchy level:[edit system]authentication-order [authentication-methods];In
authentication-methods, specify one or more of the following in the preferred order, from first tried to last tried:
radius—Verify the user using RADIUS authentication services.tacplus—Verify the user using TACACS+ authentication services.password—Verify the user using the password configured for the user with theauthenticationstatement at the[edit system login user]hierarchy level.If you do not include the
authentication-orderstatement, users are verified based on their configured passwords.