Configuring JDM User Accounts and Authentication

JDM User Accounts Overview

On a disaggregated Junos OS platform, all computing elements are separate compute entities, and their user accounts and passwords are managed separately. For example, JDM user accounts, including the root user account, are completely separate from the Junos VM user accounts.

Root Account

In the factory-default configuration, the JDM is set up with a root user account. However, there is no password set for the account. You must configure a root password as part of the initial configuration. If the initial configuration of the platform is performed through the phone home feature, the configuration must contain the root password setting. Until you configure a root password, you cannot access some of the user prompts and you cannot commit a configuration by using the JDM CLI.

You can set the root password only from the JDM CLI. You cannot set or change the root password from the JDM shell. The JDM root password is automatically propagated to the JDM shell.

Auto Login for Junos VNFs

When Junos VNFs such as JCP and vSRX are present on an NFX250 device, the JDM auto login account allows you to log in to a Junos VNF without a password.

To configure auto login to JDM:

To log in to a Junos VNF from JDM:

Other User Accounts

You can create user accounts other than the root account in the JDM. To do this, you must use the JDM CLI. You cannot use the JDM shell to create user accounts.

The JDM supports the same features for user accounts as does Junos OS. That is, the JDM supports login classes, custom password requirements, limits on the number of login attempts, and so on.

User Authentication

The JDM supports two of the three methods for user authentication that Junos OS supports: local password authentication and TACACS+ authentication. It does not support RADIUS authentication.

Configuring JDM User Accounts and Authentication

You create user accounts and configure authentication for those accounts in JDM the same way you do in Junos OS. This topic provides some brief guidance on how to configure user accounts and authentication. For more details, consult the Junos OS documentation.

  • To set the JDM root password:

    You must use the JDM CLI to set the root password. You cannot set the root password using the JDM shell.

  • To create a new JDM user account:

    You cannot create JDM user accounts from the JDM shell.

  • To configure SSH keys for a user to enable SSH without a password:

  • To configure TACACS+ authentication for user accounts:

    Note:

    TACACS+ is used to support SSH authentication. Once configured, the TACACS+ configuration applies to both JDM and host SSH authentication. On the host, TACACS+ is used to authenticate SSH requests only for the root account, and only when the request comes from outside the device.

    Optionally, you can specify the TACACS+ authentication server port number and the timeout period. To do so:

    Note:

    By default, the TACACS+ port number is set to 49, and the timeout period is set to 5 seconds.

    You must also configure the user name along with the class of the user locally on JDM:

  • To allow users to log in to the NFX250 device as a root user:

  • To prevent users from logging in to the NFX250 device as a root user:

  • To allow users to log in to the NFX250 device as a root user through an authentication method (for example, RSA authentication) that does not require a password:
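The following audit script is an added example, not part of the original documentation or Juniper's own tooling. It checks a candidate configuration in "set" form against the rules stated above (root password present, SSH root login mode, no RADIUS, TACACS+ defaults of port 49 and timeout 5, local user with a class). It assumes that the standard Junos OS statement names it matches are accepted by the JDM CLI; the finding codes, addresses, user names and secrets are constructed.

```python
import re

# Constructed sample in Junos OS "set" form. Addresses, user names and secrets
# are made up; statement names are standard Junos OS, assumed valid in JDM.
SAMPLE = """\
set system root-authentication encrypted-password "$6$CONSTRUCTED"
set system services ssh root-login allow
set system authentication-order [ radius tacplus password ]
set system tacplus-server 192.0.2.10 secret "$9$CONSTRUCTED"
set system tacplus-server 192.0.2.10 port 4949
set system login user alice class super-user
set system login user bob authentication ssh-rsa "ssh-rsa AAAA-CONSTRUCTED bob@example"
"""

TACACS_DEFAULTS = {"port": "49", "timeout": "5"}  # defaults stated on this page

def audit(config):
    """Return a sorted list of finding codes (hypothetical names) for the config."""
    stmts = [l.strip()[len("set system "):] for l in config.splitlines()
             if l.strip().startswith("set system ")]
    findings = set()
    # Root account: a root password must be configured before anything commits.
    if not any(s.startswith("root-authentication ") for s in stmts):
        findings.add("ROOT_PASSWORD_MISSING")
    # SSH root login: the last statement wins; "allow" permits password login.
    modes = [s.split()[-1] for s in stmts if s.startswith("services ssh root-login ")]
    if modes and modes[-1] == "allow":
        findings.add("ROOT_SSH_PASSWORD_LOGIN_ALLOWED")
    # Authentication order: JDM supports local password and TACACS+, not RADIUS.
    order = [t for s in stmts if s.startswith("authentication-order ")
             for t in s.split()[1:] if t not in ("[", "]")]
    if "radius" in order:
        findings.add("RADIUS_NOT_SUPPORTED_IN_JDM")
    # TACACS+ servers: report any port or timeout that differs from the default.
    servers = set()
    for s in stmts:
        m = re.match(r"tacplus-server (\S+)(?: (port|timeout) (\d+))?", s)
        if m:
            servers.add(m.group(1))
            if m.group(2) and m.group(3) != TACACS_DEFAULTS[m.group(2)]:
                findings.add(f"TACACS_NONDEFAULT_{m.group(2).upper()}")
    if "tacplus" in order and not servers:
        findings.add("TACACS_IN_ORDER_WITHOUT_SERVER")
    # With TACACS+, each user name must also exist locally together with a class.
    users = [re.match(r"login user (\S+) (\S+)", s) for s in stmts]
    named = {m.group(1) for m in users if m}
    classed = {m.group(1) for m in users if m and m.group(2) == "class"}
    if servers and named - classed:
        findings.add("LOCAL_USER_WITHOUT_CLASS")
    return sorted(findings)
```

Calling audit(SAMPLE) reports the allowed root SSH login, the RADIUS entry, the non-default TACACS+ port, and the user bob, who has no login class.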