It doesn't appear as if you're using the class you've defined (labuser)
for user Juniper. Also keep in mind that you can't modify the builtin
classes. To creat a superuser account with idle-timeouts, you could do
the following for class administrator & user admin:
[system login]
/* Cannnot modify the predefined classes, so we must create our own. */
class administrator {
/* Session will time out after 15 minutes of inactivity */
idle-timeout 15;
permissions all;
}
/* This is our superuser account */
user admin {
full-name Administrator;
uid 2000;
class administrator;
authentication {
encrypted-password "<PASSWORD>"; # SECRET-DATA
}
}
-- steve
--- Stefano Bosio <sbosio@inwind.it> wrote:
> Hi,
>
> from documentation
>
> -----------------
> permissions
> Syntax
> permissions [ permissions ];
> Hierarchy Level
> [edit system login class]
> Description
> Configure the login access privileges to be provided on the router.
> Options
> permissions--Privilege type.
> Usage Guidelines
> See Configure Access Privilege Levels
> Required Privilege Level
> admin--To view this statement in the configuration.
> admin-control--To add this statement to the configuration.
>
>
> --------------
>
> i set this config
>
> system {
> }
> login {
> class labuser {
> idle-timeout 30;
> permissions [ clear configure control field floppy
> interface
> interface-control network reset routing routing-control shell snmp
> snmp-control system system-control trace trace-control view
> maintenance
> firewall firewall-control secret secret-control rollback ];
> }
> user juniper {
> uid 2002;
> class labuser;
> authentication {
> encrypted-password "$1$TCPMb$PhlaybNr.MWLPR5XXKK.Y0";
> #
> SECRET-DATA
> }
> }
> user lab {
> uid 2000;
> class operator;
> authentication {
> encrypted-password "$1$nLUQb$nefOd7kaG1J9V14CABf8h/";
> #
> SECRET-DATA
> }
>
>
> i don't set admin and admin-control to class labuser permission but
> from
> user juniper i can change the user config and commit them:
>
> juniper@M20-LAB> edit
> Entering configuration mode
>
> [edit]
> juniper@M20-LAB# set system login user juniper class super-user
>
> [edit]
> juniper@M20-LAB# commit and-quit
> commit complete
> Exiting configuration mode
>
> juniper@M20-LAB> exit
>
>
> M20-LAB (ttyd0)
>
> login: juniper
> Password:
> Last login: Mon Jun 18 14:50:49 on ttyd0
>
> --- JUNOS 4.4R2.3 built 2001-05-30 00:57:00 UTC
>
> juniper@M20-LAB> show configuration
> version 4.4R2.3;
> system {
> }
> login {
> class labuser {
> idle-timeout 30;
> permissions [ clear configure control field floppy
> interface
> interface-control network reset routing routing-control shell snmp
> snmp-control system system-control trace trace-control view
> maintenance
> firewall firewall-control secret secret-control rollback ];
> }
> user juniper {
> uid 2002;
> class super-user;
> authentication {
> encrypted-password "$1$TCPMb$PhlaybNr.MWLPR5XXKK.Y0";
> #
> SECRET-DATA
> }
> }
>
> -----------------------------
>
> some idea.
>
> stefano
>
__________________________________________________
Do You Yahoo!?
Spot the hottest trends in music, movies, and more.
http://buzz.yahoo.com/
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:37 EDT