3.2.7. auth

Configuration data for local users.

vrouter running config# system auth

user

List of local users on the system.

vrouter running config# system auth user <string>

<string>

The user name string identifying this entry.

role (mandatory)

The role of the user.

vrouter running config# system auth user <string>
vrouter running user <string># role ROLE

ROLE values

Description

viewer

The user can view configuration and state and run standard commands. However, he/she cannot edit the configuration, read protected config/state nodes (such as passwords), or run privileged commands (such as reboot, poweroff, etc.).

admin

The user can view all configuration and state, including protected nodes (such as passwords). He/she may edit the configuration and run any command, including privileged ones (such as reboot, poweroff, etc.).

password

The user password, supplied as a hashed value using the notation described in the definition of the crypt-hash type.

vrouter running config# system auth user <string>
vrouter running user <string># password PASSWORD

PASSWORD

The crypt-hash type is used to store passwords using a hash function. The algorithms for applying the hash function and encoding the result are implemented in various UNIX systems as the function crypt(3).

A value of this type matches one of the forms:

    $0$<clear text password>
    $<id>$<salt>$<password hash>
    $<id>$<parameter>$<salt>$<password hash>

The ‘$0$’ prefix signals that the value is clear text. When such a value is received by the server, a hash value is calculated, and the string ‘$<id>$<salt>$’ or ‘$<id>$<parameter>$<salt>$’ is prepended to the result. This value is stored in the configuration data store.

If a value starting with ‘$<id>$’, where <id> is not ‘0’, is received, the server knows that the value already represents a hashed value and stores it ‘as is’ in the data store.

When a server needs to verify a password given by a user, it finds the stored password hash string for that user, extracts the salt, and calculates the hash with the salt and given password as input. If the calculated hash value is the same as the stored value, the password given by the client is accepted.

This type defines the following hash functions:

    id | hash function | feature
    ---+---------------+-------------------
     1 | MD5           | crypt-hash-md5
     5 | SHA-256       | crypt-hash-sha-256
     6 | SHA-512       | crypt-hash-sha-512

The server indicates support for the different hash functions by advertising the corresponding feature.
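The three value forms above can be told apart before a configuration is pushed, which shows which entries still carry a clear text password in the input. The following is an added example, not code from the product or its documentation; the function names classify and audit, the sample users, and the rounds=5000 parameter are assumptions made for illustration, and only the structure is checked (no length or alphabet validation, no hashing).

```python
# Added example: structural parser for crypt-hash values (no hashing is done).
# id -> (hash function, feature), taken from the table in the type description.
HASHES = {
    "1": ("MD5", "crypt-hash-md5"),
    "5": ("SHA-256", "crypt-hash-sha-256"),
    "6": ("SHA-512", "crypt-hash-sha-512"),
}

def classify(value):
    """Return the form of a crypt-hash value and whether it is stored as is."""
    if value.startswith("$0$"):
        # Clear text: everything after '$0$' is the password, '$' included.
        return {"form": "clear-text", "stored_as_is": False}
    parts = value.split("$")
    # Expect ['', id, salt, hash] or ['', id, parameter, salt, hash].
    if parts[0] != "" or len(parts) not in (4, 5) or not all(parts[1:]):
        raise ValueError("does not match any crypt-hash form")
    if parts[1] not in HASHES:
        raise ValueError("unknown hash id: " + parts[1])
    name, feature = HASHES[parts[1]]
    return {
        "form": "hashed",
        "stored_as_is": True,
        "hash": name,
        "feature": feature,
        "parameter": parts[2] if len(parts) == 5 else None,
        "salt": parts[-2],
    }

def audit(users):
    """Map each user name to a one-line finding for a {user: value} dict."""
    report = {}
    for user, value in users.items():
        try:
            info = classify(value)
        except ValueError as exc:
            report[user] = "invalid: %s" % exc
            continue
        if info["form"] == "clear-text":
            report[user] = "clear text in input; server hashes before storing"
        else:
            report[user] = "%s hash, stored as is" % info["hash"]
    return report

# Constructed sample values; salts and hash bodies are placeholders, not real hashes.
SAMPLE = {
    "alice": "$6$rounds=5000$saltsalt$" + "A" * 86,
    "bob": "$5$saltsalt$" + "B" * 43,
    "carol": "$0$Examp1e$Pass",
    "dave": "$9$saltsalt$" + "C" * 22,
}

if __name__ == "__main__":
    for user, finding in audit(SAMPLE).items():
        print(user, "->", finding)
```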

authorized-key

A public SSH key for this user in the OpenSSH format. This key is allowed for SSH authentication without a password to both the NETCONF and SSH servers. You may use the ssh-keygen utility to generate a new key-pair and paste the contents of the *.pub file (the public key) here.

vrouter running config# system auth user <string>
vrouter running user <string># authorized-key <string>