Configure Password Rules for an Authorized Administrator
An account for root is always present in a configuration and is not intended for use in normal operation. The evaluated configuration restricts the root account to the initial installation and configuration of the evaluated device.
The authorized administrator is associated with a defined login class and has all permissions. The system stores the data locally for fixed password authentication.
Follow the guidelines in Password Specifications and Guidelines for Junos OS in FIPS Mode when providing passwords for authorized administrator accounts. Define the password specification rules for an authorized administrator:
Define the minimum password length requirement of 10 characters.
[edit]
security-administrator@host:fips# set system login password minimum-length 10
Include both alphanumeric and punctuation characters, composed of any combination of uppercase and lowercase letters, numbers, and special characters such as “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(”, and “)”. There should be at least one change of case, one or more digits, and one or more punctuation marks.
Include valid character sets such as uppercase letters, lowercase letters, numbers, punctuation, and other special characters.
[edit]
security-administrator@host:fips# set system login password change-type character-sets
Define the minimum number of character sets or character set changes. The minimum number of character sets required in plain-text passwords is 3.
[edit]
security-administrator@host:fips# set system login password minimum-changes 3
The hashing algorithm for user passwords can be either SHA256 or SHA512 (SHA512 is the default hashing algorithm).
[edit]
security-administrator@host:fips# set system login password format sha512
Commit the configuration:
[edit]
security-administrator@host:fips# commit
The new hash algorithm affects only those passwords that you generate after committing this configuration.
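As an added example (not Juniper's code), the following Python script audits a device's committed password settings against the values given in the steps above. It assumes the input is in the format produced by `show configuration system login password | display set`, accepts values stricter than the page's minimums, and uses function names and two sample configurations that are constructed for illustration.

```python
import re

# Values from the steps on this page.
MIN_LENGTH, MIN_CHANGES = 10, 3
CHANGE_TYPE = "character-sets"
FORMATS = {"sha256", "sha512"}

# "set system login password <option> <value>", with or without a CLI prompt before it.
SET_LINE = re.compile(r"\bset\s+system\s+login\s+password\s+(\S+)\s+(\S+)\s*$")

# Constructed sample inputs (not taken from a real device).
COMPLIANT = """\
set system login password minimum-length 10
set system login password change-type character-sets
set system login password minimum-changes 3
set system login password format sha512
"""
WEAK = """\
set system login password minimum-length 6
set system login password minimum-changes 1
set system login password format sha1
"""


def parse_password_settings(config_text):
    """Return {option: value} for each 'set system login password' line."""
    matches = (SET_LINE.search(line) for line in config_text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}


def audit_password_policy(config_text):
    """Return a list of findings; an empty list means the settings match this page."""
    s = parse_password_settings(config_text)
    findings = []
    for option, minimum in (("minimum-length", MIN_LENGTH), ("minimum-changes", MIN_CHANGES)):
        value = s.get(option, "")
        if not value.isdigit() or int(value) < minimum:
            findings.append(f"{option}: {value or 'unset'} (need at least {minimum})")
    if s.get("change-type") != CHANGE_TYPE:
        findings.append(f"change-type: {s.get('change-type', 'unset')} (need {CHANGE_TYPE})")
    # No 'format' statement means the default, which this page gives as SHA512.
    fmt = s.get("format", "sha512")
    if fmt not in FORMATS:
        findings.append(f"format: {fmt} (need sha256 or sha512)")
    return findings


if __name__ == "__main__":
    for name, text in (("compliant", COMPLIANT), ("weak", WEAK)):
        print(name, audit_password_policy(text) or "OK")
```

A missing `change-type` statement is reported as a finding because the procedure sets it explicitly.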
The device supports ECDSA (P-256, P-384, and P-521) and RSA (2048, 3072, and 4096 modulus bit length) key types.