Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring a Network Device Protection Profile Authorized Administrator

    An account for root is always present in a configuration and is not intended for use in normal operation. In the evaluated configuration, the root account is restricted to the initial installation and configuration of the evaluated device.

    An NDPP authorized administrator must have all permissions, including the ability to change the router configuration.

    To configure an authorized administrator:

    1. Create a login class named security-admin with all permissions.
      [edit]root@host# set system login class security-admin permissions all
    2. Define your NDPP user authorized administrator.
      [edit]root@host# set system login user NDPP-user full-name Common Criteria NDPP Authorized Administrator class security-admin authentication encrypted-password <password>
    3. Configure the authentication algorithm for plain-text passwords as sha1.
      [edit]root@host# set system login password format sha1
    4. Commit the changes.
      [edit]root@host# commit

    Note: The root password should be reset following the change to sha1 for the password storage format. This ensures the new password is protected using a sha1 hash, rather than the default password hashing algorithm. To reset the root password, use the set system login user root password password command, and confirm the new password when prompted.

    Modified: 2015-01-16