9-14
Cisco SN 5428-2 Storage Router Software Configuration Guide
OL-5239-01
Chapter 9 Configuring Authentication
Configuring Authentication Services
The following rules apply to passwords:
• Passwords are entered in clear text. However, they are changed to “XXXXX” in the CLI command
history cache, and are stored in the local username database in an encrypted format.
• If the password contains embedded spaces, enclose it with single or double quotes.
• After initial entry, passwords display in their encrypted format. Use the show aaa command to
display the local username database entries. The following is an example display:
username "foo" password "9 ea9bb0c57ca4806d3555f3f78a4204177a"
The initial “9” in the example display indicates that the password is encrypted.
• You can re-enter an encrypted password using the normal username password command. Enter the
encrypted password in single or double quotes, starting with 9 and a single space. For example,
copying and pasting password “9 ea9bb0c57ca4806d3555f3f78a4204177a” from the example
above into the username pat command would create an entry for pat in the username database. The
user named pat would have the same password as the user named foo. This functionality allows user
names and passwords to be restored from saved configuration files.
• When entering a password, a zero followed by a single space indicates that the following string is
not encrypted; 9 followed by a single space indicates that the following string is encrypted. To enter
a password that starts with 9 or zero, followed by one or more spaces, enter a zero and a space and
then enter the password string. For example, to enter the password “0 123” for the user named pat,
enter this command:
username pat password “0 0 123”
To enter the password “9 73Zjm 5” for user name lab1, use this command:
username lab1 password ‘0 9 73Zjm 5’
Enable
Enable is a special authentication service; it is available for Enable and Login authentication only. The
Enable service compares the password you entered with the Administrator mode password configured
for the storage router. The requested access is granted only if the passwords match.
See Chapter 3, “Configuring System Parameters,” for more information about changing the
Administrator mode password.
Monitor
Monitor is a special authentication service; it is available for Enable and Login authentication only. The
Monitor service compares the password you entered with the Monitor mode password configured for the
storage router. The requested access is granted only if the passwords match.
See Chapter 3, “Configuring System Parameters,” for more information about changing the Monitor
mode password.