Prerequisites for All Access Protocols

A client application must be able to log in to each routing platform on which it establishes a connection with the JUNOScript server. The following instructions explain how to create a JUNOS login account for the application; for detailed information, see the chapter about configuring user access in the JUNOS System Basics Configuration Guide. Alternatively, you can skip this section and enable authentication through RADIUS or TACACS+; for instructions, see the chapter about system authentication in the JUNOS System Basics Configuration Guide.

To determine whether a JUNOS login account exists, enter CLI configuration mode on the routing platform and issue the following commands:

If the appropriate account does not exist, perform the following steps:

1. Include the user statement at the [edit system login] hierarchy level. Also include the class statement to specify a JUNOS login class that has the permissions required for all actions to be performed by the application. Optionally, include the full-name and uid statements, which are described in the chapter about configuring user access in the JUNOS System Basics Configuration Guide.

   [edit system login]

   user@host# set user account-name class class-name

2. Create a text-based password for the account by including either the plain-text-password or encrypted-password statement at the [edit system login user account-name authentication] hierarchy level.

   [edit system login]

   user@host# edit user account-name authentication

   Note: A text-based password is not strictly necessary if the account is used to access the JUNOScript server through SSH with public/private key pairs for authentication, but we recommend that you create one anyway. The key pair alone is sufficient if the account is used only for SSH access, but a password is required if the account is also used for any other type of access (for login on the console, for example). The password is also used—the SSH server prompts for it—if key-based authentication is configured but fails. For information about creating a public/private key pair, see Prerequisites for SSH Connections.

   To enter a password as text, issue the following command. You are prompted for the password, which is encrypted before being stored.

   [edit system login user account-name authentication]

   user@host# set plain-text-password

   New password: password

   Retype new password: password

   To store a password that you have previously created and hashed using Message Digest 5 (MD5) or Secure Hash Algorithm 1 (SHA-1), issue the following command:

   [edit system login user account-name authentication]

   user@host# set encrypted-password "password"

3. Issue the commit command.

   [edit system login user account-name authentication]

   user@host# top

   [edit]

   user@host# commit

4. Repeat the preceding steps on each routing platform where the client application establishes JUNOScript sessions.
5. Enable the client application to access the password and provide it when the JUNOScript server prompts for it. There are several possible methods, including the following:
   • Code the application to prompt the user for a password at startup and to store the password temporarily in a secure manner.
   • Store the password in encrypted form in a secure local-disk location or secured database and code the application to access it.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.