[j-nsp] ERX1440, how to limit login to be able to "show conf" only
Scott Weeks
surfer at mauigateway.com
Wed Jul 2 13:23:35 EDT 2008
I hope you don't mind, but I put your questions back on the list as you're probably not the only one with them... :-)
scott
----------------------------------
There is something I don't understand.
1.is that perl script run on a stand alone unix
server?
----------------------------------
Yes, all you need is PERL running on a UNIX box.
----------------------------------
2. why does the script run two command
copy running-config 16w.cnf
sh configure > 16.scr
what's the difference between content of 16w.cnf
and 16.scr?
could we just use “copy running-config 16w.cnf" ?
---------------------------------
.scr is a test file that can be looked at on the UNIX box and the permissions can be used to control who looks at it. The .cnf file is a binary file to be used in case the ERX needs rebooting. It takes too long for the ERX to be reconfigured from the text file.
---------------------------------
3. how did you restrict operation abilities of ERX1440
account ?
I mean, if someone get login password and enable
password, he could do anything he want. So, on
ERX1440, the account should be restricted to ONLY to
fecth configuration or show interface status.
----------------------------------
The passwords are encrypted:
password 5 1k8ObM~O#Y.c.G!8_EH&
enable password level 10 7 yWZ at g~Xq<qF|P!R=Pg4n
More information about the juniper-nsp
mailing list