[j-nsp] Re: Implementation of TACACS+

Kanagaraj Krishna kanagaraj at aims.com.my
Thu Jan 12 20:54:33 EST 2006


Paul,
Sorry for being naive. That means, TACACS+  can't be used for console
authentication because its not part of the [system services]. Am i right?
Thanks.

Regards,
Kana

----- Original Message -----
From: "Paul Fraley" <fraley at juniper.net>
To: "Kanagaraj Krishna" <kanagaraj at aims.com.my>
Cc: "andy" <andy at shady.org>; <juniper-nsp at puck.nether.net>
Sent: Friday, January 13, 2006 2:42 AM
Subject: Re: [j-nsp] Re: Implementation of TACACS+


> Kanagaraj Krishna wrote:
> > Hi,
> >    Thanks for the prompt reply. Are there any way of implementing tacacs
based
> > authentication for telnet sessions only (minus console, leaving it to
system
> > password authentication)? That would be similar to cisco, where there's
an
> > option of vty, tty and console. Thanks.
>
> All JUNOS router admin access methods (ssh, telnet, xnm-*, J-Web ...
things
> under [system services]) are authenticated via the methods defined in
> [system authentication-order].  So, no, there is no way to make telnet
> use only TACACS+ and ssh use only local user authentication, for example.
>
> A difference, however, telnet, does not allow root and ssh allows root by
> default (you can optional disable root access via ssh).
>
> Thanks,
> Paul
>



More information about the juniper-nsp mailing list