default-client-identity (NETCONF TLS)
Syntax
default-client-identity { map-type (san-dirname-cn | specified); username username; }
Description
For NETCONF sessions over Transport Layer Security (TLS), configure the default method to derive the NETCONF username for clients that do not match any configured clients.
If the fingerprint of a client’s presented certificate
does not match the fingerprint for a client configured at the [edit system services netconf tls client-identity]
hierarchy
level, then Junos OS uses the default-client-identity
map
type to derive the NETCONF username for the client.
Junos OS supports local users and LDAP remote users for NETCONF sessions over TLS. The username must either have a user account defined locally on the device, or it must be authenticated by an LDAP server, which then maps it to a local user template account that is defined locally on the device.
Default
If you do not include the default-client-identity
statement, and a NETCONF-over-TLS client does match any clients
configured at the [edit system services netconf tls client-identity]
hierarchy level, then Junos OS does not establish the NETCONF session.
Options
map-type type |
Map type that defines how to derive the NETCONF username.
|
username username |
Username under whose access privileges
the NETCONF operations are executed when |
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 20.2R1.