When an EXEC process is started on a line that has password protection, the process prompts for the secret.
If the user enters the correct secret, the process issues the prompt. The user can try entering the secret thrice
before the terminal returns to the idle state.
Secrets are one-way encrypted and should be used for login activities that do not require a decryptable secret.
To verify that MD5 password encryption has been enabled, use the show running-config command. If the
“username name secret 5” line appears in the command output, enhanced password security is enabled.
The show running-config command does not display the login password in clear text when the 0 option
is used to specify an unencrypted password. See the “Examples” section.
Note
Task ID
OperationsTask ID
read, writeaaa
Examples
The following example shows how to establish the clear-text secret “lab” for the user user2:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# username user2
RP/0/RP0/CPU0:router(config-un)# secret 0 lab
RP/0/RP0/CPU0:router(config-un)# commit
RP/0/RP0/CPU0:router(config-un)# show running-config
Building configuration...
username user2
secret 5 $1$DTmd$q7C6fhzje7Cc7Xzmu2Frx1
!
end
Related Commands
DescriptionCommand
Adds a user to a group.group (AAA), on page 32
Creates a login password for a user.password (AAA), on page 44
Accesses user group configuration mode and
configures a user group, associating it with a set of
task groups.
usergroup, on page 117
Accesses username configuration mode and
configures a new user with a username, establishing
a password and granting permissions for that user.
username, on page 119
Cisco IOS XR System Security Command Reference for the Cisco CRS Router, Release 4.1
60 OL-24740-01
Authentication, Authorization, and Accounting Commands
secret
To Next Page
Loading...
Need help?
General
