Configuring the Authentication Order

Using the authentication-order statement, you can prioritize the order in which the JUNOS software tries the different authentication methods when verifying user access to a router.

To configure the authentication order, include the authentication-order statement at the [edit system] hierarchy level:

Specify one or more of the following authentication methods in the preferred order, from first tried to last tried:

• radius—Verify the user using RADIUS authentication services
• tacplus—Verify the user using TACACS+ authentication services.
• password—Verify the user using the username and password configured locally by including the authentication statement at the [edit system login user] hierarchy level.

For each login attempt, the JUNOS software tries the configured authentication methods in order until the password is accepted. If the username and password are accepted, the login attempt succeeds and no other authentication methods are tried. The next method in the authentication order is consulted if the previous authentication method fails to respond OR if the method returns a reject response to the login attempt due to an incorrect username or password.

If none of the configured authentication methods accept the login credentials and if a reject response is received, the login attempt fails. If no response is received from any configured authentication method, the JUNOS software consults local password authentication as a last resort.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.