
password (Login)

Syntax

Hierarchy Level

Description

Configure special requirements such as character length and encryption format for plain-text passwords. Newly created passwords must meet these requirements.

Using several password minimum requirement options will cause the minimum-length to be reset if the total sum of the required minimums exceeds the minimum-length setting.

Options

change-type

Set requirements for using character sets in plain-text passwords. When you combine this statement with the minimum-changes statement, you can check for the total number of character sets included in the password or for the total number of character-set changes in the password. Newly created passwords must meet these requirements.

  • Values: Specify one of the following:

    • character-sets—The number of character sets in the password. Valid character sets include uppercase letters, lowercase letters, numbers, punctuation, and other special characters.

    • set-transitions—The number of transitions between character sets.

format

Configure the authentication algorithm for plain-text passwords. The hash algorithm that authenticates the password can be one of these algorithms:

  • Values:

    • sha1—Secure Hash Algorithm 1. Produces a 160-bit digest. The encrypted password starts with $sha1$. The option sha1 is not supported in Junos OS Evolved.

    • sha2—HMAC Secure Hash Algorithm. The encrypted password starts with $sha2$. The option sha1 is not supported in Junos OS Evolved.

    • sha256—Secure Hash Algorithm 256. Produces a 256-bit digest. The encrypted password starts with $5$.

    • sha512—Secure Hash Algorithm 512. Produces a 512-bit digest. The encrypted password starts with $6$.

  • Default: For Junos OS, the default encryption format is sha512.
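Because the format statement applies only to newly created passwords, hashes stored before a format change keep their old prefix until the password is reset. The following added example (not Juniper code) classifies stored hashes by the prefixes listed above and reports users whose hash is not in the expected format; the user names and hash bodies in the sample configuration are constructed placeholders.

```python
import re

# Prefix -> format value, as listed under the format statement on this page.
PREFIXES = [
    ("$sha1$", "sha1"),
    ("$sha2$", "sha2"),
    ("$5$", "sha256"),
    ("$6$", "sha512"),
]

# Matches "set"-style configuration lines that carry a stored password hash.
LINE_RE = re.compile(
    r'login user (\S+) authentication encrypted-password "([^"]+)"'
)


def hash_format(encrypted):
    """Return the format name for an encrypted-password string, or 'unknown'."""
    for prefix, name in PREFIXES:
        if encrypted.startswith(prefix):
            return name
    return "unknown"


def audit(config_text, expected="sha512"):
    """Return [(user, format)] for every user whose hash is not in `expected`."""
    findings = []
    for user, encrypted in LINE_RE.findall(config_text):
        fmt = hash_format(encrypted)
        if fmt != expected:
            findings.append((user, fmt))
    return findings


# Constructed sample: names and hash bodies are placeholders, not real hashes.
SAMPLE_CONFIG = '''
set system login password format sha512
set system login user alice authentication encrypted-password "$6$CONSTRUCTEDsalt$CONSTRUCTEDhash"
set system login user bob authentication encrypted-password "$sha1$CONSTRUCTED$hash"
set system login user carol authentication encrypted-password "$5$CONSTRUCTEDsalt$CONSTRUCTEDhash"
set system login user dave authentication encrypted-password "CONSTRUCTED-no-prefix"
'''

if __name__ == "__main__":
    for user, fmt in audit(SAMPLE_CONFIG):
        print(f"{user}: stored hash format is {fmt}, expected sha512")
```

Users reported here need a password reset under the current format setting before their stored hash changes.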

maximum-length length

Specify the maximum number of characters allowed in plain-text passwords. Newly created passwords must meet this requirement.

  • Range: 20 through 128 characters

  • Default: For Junos-FIPS software, the maximum number of characters for plain-text passwords is 20. For Junos OS, no maximum is set.

maximum-lifetime days

Specify the maximum duration of a password in days, where the password expires after the maximum duration is reached. If you have the required permissions, you are able to control the maximum duration of a password. If the age of the password reaches the maximum time configured, the password expires and must be changed. If your password has expired, you cannot commit a configuration until you change your password. Only passwords for local user accounts can expire based on the time configured on the maximum-lifetime statement.

Note:

You cannot reuse the same password when the password expires, unless you also configure the number of times the password can be reused on the minimum-reuse statement. Older passwords cannot be re-configured on password expiry. Therefore, if you want to reuse an old password, you must configure the minimum-reuse statement as well as the maximum-lifetime statement in the new configuration, otherwise the commit fails.

If the maximum-lifetime statement is configured, a validation check for an expired password is performed at the time of login and at the time of commit based on the password timestamp. For passwords configured before the minimum-reuse configuration statement is committed, the timestamp of the passwords is the time at which any configuration under the [edit system login] hierarchy is committed following the commit for the minimum-reuse statement. For passwords configured after the minimum-reuse configuration statement is committed, the timestamp of the passwords is the time at which those passwords are committed.

  • Range: 30 through 365 days

minimum-changes number

Specify the minimum number of character sets (or character set changes) required for plain-text passwords. Newly created passwords must meet this requirement.

This statement is used in combination with the change-type statement. If the change-type is character-sets, then the number of character sets included in the password is checked against the specified minimum. If change-type is set-transitions, then the number of character set changes in the password is checked against the specified minimum.

  • Default: For Junos OS, the minimum number of changes is 1. For Junos-FIPS Software, the minimum number of changes is 3.
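The two change-type values measure different things, and the same password can pass one and fail the other. The following added example (not Juniper code) counts both for a few constructed passwords; the mapping of characters to classes and the rule that a transition is any pair of adjacent characters from different classes are assumptions of this example, since the page does not spell out either.

```python
import string


def char_class(ch):
    """Assign a character to one of the character sets named on this page.
    The exact assignment Junos uses is not given here; this is an assumption."""
    if ch.isascii() and ch.isupper():
        return "upper"
    if ch.isascii() and ch.islower():
        return "lower"
    if ch.isascii() and ch.isdigit():
        return "numeric"
    if ch in string.punctuation:
        return "punctuation"
    return "other"


def count_character_sets(password):
    """change-type character-sets: number of distinct classes present."""
    return len({char_class(c) for c in password})


def count_set_transitions(password):
    """change-type set-transitions: adjacent characters in different classes
    (assumed definition of a transition)."""
    classes = [char_class(c) for c in password]
    return sum(1 for a, b in zip(classes, classes[1:]) if a != b)


def check_changes(password, change_type, minimum_changes):
    """Return (accepted, measured) for a change-type / minimum-changes pair."""
    if change_type == "character-sets":
        measured = count_character_sets(password)
    elif change_type == "set-transitions":
        measured = count_set_transitions(password)
    else:
        raise ValueError(f"unknown change-type: {change_type}")
    return measured >= minimum_changes, measured


# Constructed sample passwords, for illustration only.
SAMPLES = ["juniper", "Juniper1", "aaaa1111BBBB", "a1B2c3"]

if __name__ == "__main__":
    for pw in SAMPLES:
        for kind in ("character-sets", "set-transitions"):
            ok, n = check_changes(pw, kind, 3)
            print(f"{pw!r:16} {kind:16} measured={n} accepted={ok}")
```

With minimum-changes 3, "aaaa1111BBBB" is accepted under character-sets but rejected under set-transitions, while "a1B2c3" is accepted under both.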

minimum-character-changes number

Specify the minimum number of character changes between old and new passwords. Newly created passwords must meet this requirement. If you have the required permissions, you are able to configure the number of character changes between passwords. If the number of character changes between the old password and new password is greater than or equal to the configured value for minimum number of character changes, the new password is accepted. If the number of character changes is less than the configured value, the new password is rejected.

  • Range: 4 through 15 characters

minimum-length length

Specify the minimum number of characters required in plain-text passwords. Newly created passwords must meet this requirement.

This statement can be used in combination with all of the other requirement options for plain-text passwords, such as minimum-upper-cases, minimum-punctuations, minimum-lower-cases, and so on.

Using several password minimum requirement options will cause the minimum password length to be reset if the total sum of the required minimums exceeds the setting configured on the minimum-length statement.

  • Default: For Junos OS, the minimum number of characters for plain-text passwords is six. For Junos-FIPS software, the minimum number of characters for plain-text passwords is 10.

  • Range: 6 through 20 characters

minimum-lifetime days

Specify in days the minimum duration of a password before the password can be changed. If you have the required permissions, you are able to control the minimum lifetime of a password. You cannot change the password if the age of the password does not exceed the duration configured on the minimum-lifetime statement. When you change a password, the age of the existing password is retrieved based on the time at which the password was configured and the current time is fetched. If the age of the password is less than or equal to the configured value for the minimum-lifetime statement, the new password is not accepted and an error message is displayed. If the age of the password is more than the configured value for the minimum-lifetime statement, the new password is accepted.

Note:

The minimum-lifetime statement can be committed only after configuring the minimum-reuse statement. The minimum-lifetime statement works in coordination with password history requirements; otherwise, the commit fails and an error message is displayed.

If minimum-lifetime is configured, a password change for a user is accepted or rejected based on the timestamp of the current password for that user. For passwords configured before the minimum-reuse configuration statement is committed, the timestamp of the passwords is the time at which any configuration under the [edit system login] hierarchy is committed following the commit for the minimum-reuse statement. For passwords configured after the minimum-reuse configuration statement is committed, the timestamp of the passwords is the time at which those passwords are committed.

  • Range: 1 through 30 days

minimum-lower-cases number

Specify the minimum number of lower-case letters required in plain-text passwords. Newly created passwords must meet this requirement.

This statement can be used in combination with all of the other requirement options for plain-text passwords, such as minimum-length, minimum-punctuations, minimum-upper-cases, and so on.

Using several password minimum requirement options will cause the minimum password length to be reset if the total sum of the required minimums exceeds the setting configured on the minimum-length statement.

  • Range: 1 through 128 lower-case letters

minimum-numerics number

Specify the minimum number of numeric-class characters required in plain-text passwords. Newly created passwords must meet this requirement.

This statement can be used in combination with all of the other requirement options for plain-text passwords, such as minimum-length, minimum-punctuations, minimum-lower-cases, and so on.

Using several password minimum requirement options will cause the minimum password length to be reset if the total sum of the required minimums exceeds the setting configured on the minimum-length statement.

  • Range: 1 through 128 numeric-class characters

minimum-punctuations number

Specify the minimum number of punctuation-class characters required in plain-text passwords. Newly created passwords must meet this requirement.

This statement can be used in combination with all of the other requirement options for plain-text passwords, such as minimum-length, minimum-upper-cases, minimum-lower-cases, and so on.

Using several password minimum requirement options will cause the minimum password length to be reset if the total sum of the required minimums exceeds the setting configured on the minimum-length statement.

  • Range: 1 through 128 punctuation-class characters

minimum-reuse number

Specify the number of old passwords which should not match the new password. Newly created passwords must meet this requirement. If you have the required permissions, you are able to control the number of old passwords that need to be compared. The number of old passwords to compare with the new password depends on the value configured. If a match is found between the new password and any of the old passwords, the device rejects the new password and terminates. If the new password is different from the configured number of old passwords, the new password is accepted.

  • Range: 1 through 20 passwords

minimum-upper-cases

Specify the minimum number of upper-case letters required in plain-text passwords. Newly created passwords must meet this requirement.

This statement can be used in combination with all of the other requirement options for plain-text passwords, such as minimum-length, minimum-punctuations, minimum-lower-cases, and so on.

Using several password minimum requirement options will cause the minimum password length to be reset if the total sum of the required minimums exceeds the setting configured on the minimum-length statement.

  • Range: 1 through 128 upper-case letters

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 7.4.

Statements minimum-lower-cases, minimum-numerics, minimum-punctuations, and minimum-upper-cases introduced in Junos OS Release 12.1.

All of the previously mentioned statements were introduced in Junos OS Release 14.1X53-D20 for the OCX Series.

Statements minimum-reuse and minimum-character-changes introduced in Junos OS Release 18.3.

Statements maximum-lifetime and minimum-lifetime introduced in Junos OS Release 18.4.

Option sha1 is not supported in Junos OS Evolved.