Filter
Top Products
Version Description
9.7(0.0) Introduced on the S6000-ON.
9.6(0.0) Introduced on the S4810, S4820T, S5000, S6000, Z9000,
Z9500, MXL
Usage
Information
By default, the service password-encryption command stores encrypted
passwords. For greater security, you can also use the
service obscure-
passwords command to prevent a user from reading the passwords and keys,
including RADIUS, TACACS+ keys, router authentication strings, VRRP
authentication by obscuring this information. Passwords and keys are stored
encrypted in the configuration file and by default are displayed in the encrypted
form when the configuration is displayed. Enabling theservice obscure-
passwords
command displays asterisks instead of the encrypted passwords and
keys. This command prevents a user from reading these passwords and keys by
obscuring this information with asterisks.
Password obscuring masks the password and keys for display only but does not
change the contents of the file. The string of asterisks is the same length as the
encrypted string for that line of configuration. To verify that you have successfully
obscured passwords and keys, use the show running-config command orshow
startup-config command.
If you are using role-based access control (RBAC), only the system administrator
and security administrator roles can enable the service obscure-password
command.
Related
Commands
show running-config— Display the current configuration and display changes from
the default values.
service password-encryption— Encrypts all passwords configured in the system.
Authentication and Password Commands
To manage access to the system, use the following the commands.
aaa authentication enable
Configure AAA Authentication method lists for user access to EXEC privilege mode (the “Enable” access).
Syntax
aaa authentication enable {default | method-list-name} method
[... method2]
1586
Security