Tip

This is the documentation for the 19.12 version. Looking for the documentation of the latest version? Have a look here.

User Management¶

TNSR includes a tnsr user by default. Administrators may create additional users to provide separate workspaces for each user. In this workspace the user may save and load configurations.

Warning

User access is controlled by NACM and the NACM default behavior varies by platform and when the TNSR installation was created. See NETCONF Access Control Model (NACM) for details.

User Configuration¶

Entering config-auth mode requires a username. When modifying an existing user, the username is available for autocompletion. The command will also accept a new username, which it creates when the configuration is committed. Creating a new user requires providing a means of authentication:

tnsr(config)# auth user <user-name>

A user may be deleted using the no form:

tnsr(config)# no auth user <user-name>

The exit command leaves config-auth mode:

tnsr(config-auth)# exit
tnsr(config)#

When exiting config-auth mode, TNSR commits changes to the user, which will create or update the entry for the user in the host operating system.

Authentication Methods¶

There are two methods for authenticating users: passwords and user keys.

Password Authentication¶

The password method takes a password entered in plain text, but stores a hashed version of the password in the configuration:

tnsr(config-auth)# password <plain text password>

Note

The password is hashed by the CLI prior to being passed to the backend. The plain text password is never stored or passed outside the specific CLI instance.

Warning

The password may be between 6 and 256 characters in length, though depending on the operating system default password hashing algorithm and key derivation behavior, the practical limit may be lower.

If the configuration is viewed using the show configuration running command, the hashed password will be present.

User Key Authentication¶

The second method of authentication is by user key. A user key is the same format as created by ssh-keygen.

To add a user key for authentication, use the user-keys command inside config-auth mode:

tnsr(config-auth)# user-keys <key-name>

The user key is read directly from the CLI. After the command is executed by pressing Enter, the CLI will wait for the key to be entered, typically by pasting it into the terminal or by typing. The end of input is indicated by a blank line. The normal CLI features are bypassed during this process.