
Configuring Special Requirements for Plain-Text Passwords

The JUNOS software has special requirements when you create plain-text passwords on a routing platform. Table 9 shows the default requirements.

Table 9: Special Requirements for Plain-Text Passwords

| JUNOS Software | JUNOS-FIPS |
|---|---|
| The password must be between 6 and 128 characters long. | FIPS passwords must be between 10 and 20 characters in length. |
| You can include most character classes in a password (uppercase letters, lowercase letters, numbers, punctuation marks, and other special characters). Control characters are not recommended. | You can include most character classes in a password (uppercase letters, lowercase letters, numbers, punctuation marks, and other special characters). Control characters are not recommended. |
| Valid passwords must contain at least one change of case or character class. | Passwords must use at least three of the five defined character classes (uppercase letters, lowercase letters, numbers, punctuation marks, and other special characters). |

JUNOS software supports the following five character classes for plain-text passwords: uppercase letters, lowercase letters, numbers, punctuation marks, and other special characters.

Control characters are not recommended.

To change the requirements for plain-text passwords, include the password statement at the [edit system login] hierarchy level:

[edit system login]
password {
    change-type (set-transitions | character-set);
    format (md5 | sha1 | des);
    maximum-length length;
    minimum-changes number;
    minimum-length length;
}

These statements apply to plain-text passwords only, not encrypted passwords.

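The change-type statement specifies whether the password is checked for the number of character sets it uses (character-set) or the number of character set changes it contains (set-transitions).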

For example, the following password:

MyPassWd@2

has four character sets (uppercase letters, lowercase letters, special characters, and numbers) and seven character set changes (My, yP, Pa, sW, Wd, d@, and @2).

The change-type statement is optional. If change-type is omitted, JUNOS-FIPS plain-text passwords are checked for character sets and JUNOS plain-text passwords are checked for character set changes.

The minimum-changes statement specifies how many character sets or character set changes are required for the password. This statement is optional. If minimum-changes is not specified, character sets are not checked for JUNOS software. If the change-type statement is configured for character-set, then minimum-changes must be 5 or less because JUNOS software only supports 5 character sets.

The format statement specifies the hash algorithm (md5, sha1 or des) for authenticating plain-text passwords. This statement is optional. For JUNOS software, the default format is md5. For JUNOS-FIPS, only sha1 is supported.

The maximum-length statement specifies the maximum number of characters allowed in a password. This statement is optional. By default JUNOS passwords have no maximum; however, only the first 128 characters are significant. JUNOS-FIPS passwords must be 20 characters or less. The range for JUNOS software maximum-length passwords is from 20 to 128 characters.

The minimum-length statement specifies the minimum number of characters required for a password. This statement is optional. By default JUNOS passwords must be at least 6 characters long, and JUNOS-FIPS passwords must be at least 10 characters long. The range is from 6 to 20 characters.
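The counting rules and length limits described above can be checked offline before a password is set on the device. The following is an added example, not Juniper code: it reproduces the MyPassWd@2 count and flags candidates against a chosen policy. The split between punctuation and other special characters is an assumption, since the page does not define it, and the function names are hypothetical.

```python
import string

# Assumption: the page names five classes but does not define where punctuation
# ends and "other special characters" begin. This split is illustrative only.
PUNCTUATION = set(".,;:!?'\"-()")

def char_class(ch):
    """Map one character to one of the five classes named on the page."""
    if ch in string.ascii_uppercase:
        return "uppercase"
    if ch in string.ascii_lowercase:
        return "lowercase"
    if ch in string.digits:
        return "number"
    if ch in PUNCTUATION:
        return "punctuation"
    return "special"

def analyze(password):
    """Return (character sets used, adjacent pairs where the set changes)."""
    classes = [char_class(c) for c in password]
    transitions = [password[i:i + 2] for i in range(len(password) - 1)
                   if classes[i] != classes[i + 1]]
    return set(classes), transitions

def check(password, change_type, minimum_changes, minimum_length,
          maximum_length=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    problems = []
    if len(password) < minimum_length:
        problems.append(f"shorter than minimum-length {minimum_length}")
    if maximum_length is not None and len(password) > maximum_length:
        problems.append(f"longer than maximum-length {maximum_length}")
    if any(ord(c) < 32 or ord(c) == 127 for c in password):
        problems.append("contains control characters (not recommended)")
    sets, transitions = analyze(password)
    if change_type in ("character-set", "character-sets"):  # page uses both spellings
        count = len(sets)
    elif change_type == "set-transitions":
        count = len(transitions)
    else:
        raise ValueError(f"unknown change-type: {change_type}")
    if count < minimum_changes:
        problems.append(f"{count} {change_type} found, {minimum_changes} required")
    return problems

if __name__ == "__main__":
    # Constructed candidates checked against set-transitions, 3 changes, 10-20 chars.
    for candidate in ("MyPassWd@2", "password12", "Ab1"):
        print(candidate, analyze(candidate), check(candidate, "set-transitions", 3, 10, 20))
```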

Changes to password requirements do not take effect until the configuration is committed. When requirements change, only newly created, plain-text passwords are checked; existing passwords are not checked against the new requirements.

The default configuration for JUNOS plain-text passwords is:

[edit system login]
password {
    change-type character-sets;
    format md5;
    minimum-changes 1;
    minimum-length 6;
}

The default configuration for JUNOS-FIPS plain-text passwords is:

[edit system login]
password {
    change-type set-transitions;
    format sha1;
    maximum-length 20;
    minimum-changes 3;
    minimum-length 10;
}

Example: Configuring Special Requirements for Plain-Text Passwords

In this example, the minimum password length is set to 12 characters and the maximum length is set to 22 characters.

[edit system login]
password {
    minimum-length 12;
    maximum-length 22;
}
