Authentication, Authorization, and Accounting Commands

This module describes the commands used to configure authentication, authorization, and accounting (AAA) services.

secret

To configure an encrypted or clear-text password for the user, use the secret command in username configuration mode or line template configuration mode. To remove this configuration, use the no form of this command.

secret [ 0 [ enc-type enc-type-value ] |5|8|9|10 ] secret-login

no secret

Syntax Description

0

(Optional) Specifies that an unencrypted (clear-text) password follows. The password will be encrypted for storage in the configuration using an MD5 encryption algorithm. Otherwise, the password is not encrypted.

5

Specifies that an encrypted MD5 password (secret) follows.

8

(Optional) Specifies that a SHA256-encrypted password follows.

9

(Optional) Specifies that a scrypt-encrypted password follows.

10

(Optional) Specifies that a SHA512-encrypted password follows.

secret-login

Text string in alphanumeric characters that is stored as the MD5-encrypted password entered by the user in association with the user’s login ID.

Note

The characters entered must conform to MD5 encryption standards.

enc-type

(Optional) Configures the encryption type for a password entered in clear text.

enc-type-value

Specifies the encryption type to be used.

Command Default

No password is specified.

Command Modes

Username configuration

Line template configuration

Command History

Release    Modification
6.5.33     This command was introduced.

Usage Guidelines

Secrets are one-way encrypted and should be used for login activities that do not require a decryptable secret.

Task ID

Task ID    Operation
aaa        read, write

Examples

The following example shows how to establish the clear-text secret “lab” for the user user2:

RP/0/RP0/CPU0:ios(config)#username cisco
RP/0/RP0/CPU0:ios(config-un)#secret ?
RP/0/RP0/CPU0:ios(config-un)#secret 9 $9$q8j4v/mf1SOg5v$nGAhRkf0ek3wSYjDG/VKhwp2znPaWusuZtkx9Z1sM

policy

To configure a policy that is common for user password as well as secret, use the policy command in username configuration mode. To remove this configuration, use the no form of this command.

policy policy-name

Syntax Description

policy-name

Specifies the name of the policy that is common for user password as well as secret.

Command Default

None

Command Modes

username

Command History

Release    Modification
6.5.33     This command was introduced.

Usage Guidelines

For detailed usage guidelines for this command, see the section of AAA Password Security Policies chapter of Configure Authentication for Cisco NCS 4000.

Task ID

Task ID    Operation
aaa        read, write

Examples

This example shows how to configure a password policy that applies to both the password and the secret of the user.

RP/0/RP0/CPU0:router#configure
RP/0/RP0/CPU0:router(config)#username test_1
RP/0/RP0/CPU0:router(config-un)#policy test-policy1
RP/0/RP0/CPU0:router(config-un)#secret 10 $6$dmwuW0Ajicf98W0.$y/vzynWF1/OcGxwBwHs79VAy5ZZLhoHd7TicR4mOo8IIVriYCGAKW0A.w1JvTPO7IbZry.DxHrE3SN2BBzBJe0
RP/0/RP0/CPU0:router(config-un)#commit
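
As an added example (not Cisco's code), the following Python script audits a saved configuration for the secret types and policy attachment described in the secret and policy sections above. It assumes each user appears as a username line followed by indented sub-commands; treating types 0 and 5 as weak is this example's own choice, and the sample configuration and its hash strings are constructed placeholders.

```python
import re

# Type keywords from the Syntax Description of the secret command.
SECRET_TYPES = {"0": "clear-text", "5": "MD5", "8": "SHA256", "9": "scrypt", "10": "SHA512"}
WEAK_TYPES = {"0", "5"}  # assumption of this example, not a Cisco rule

USER_RE = re.compile(r"^username\s+(\S+)\s*$")
SECRET_RE = re.compile(r"^\s+secret\s+(?:(10|0|5|8|9)\s+)?\S+")
POLICY_RE = re.compile(r"^\s+policy\s+(\S+)\s*$")

# Constructed sample; the hash strings are placeholders, not real hashes.
SAMPLE = """\
username test_1
 policy test-policy1
 secret 10 $6$PLACEHOLDER$placeholder
!
username user1
 secret 5 $1$PLACEHOLDER$placeholder
!
"""

def parse_users(config_text):
    """Map each username to its secret type and policy name (None if absent)."""
    users, current = {}, None
    for line in config_text.splitlines():
        if m := USER_RE.match(line):
            current = users.setdefault(m.group(1), {"secret_type": None, "policy": None})
        elif not line.startswith(" "):
            current = None          # a non-indented line closes the username block
        elif current is not None:
            if m := SECRET_RE.match(line):
                current["secret_type"] = m.group(1) or "untyped"
            elif m := POLICY_RE.match(line):
                current["policy"] = m.group(1)
    return users

def audit(config_text):
    """Return sorted (username, finding) tuples for weak or missing settings."""
    findings = []
    for name, user in parse_users(config_text).items():
        kind = user["secret_type"]
        if kind == "untyped":
            findings.append((name, "secret has no type keyword"))
        elif kind in WEAK_TYPES:
            findings.append((name, f"secret type {kind} ({SECRET_TYPES[kind]})"))
        if user["policy"] is None:
            findings.append((name, "no password policy attached"))
    return sorted(findings)
```

Calling audit(SAMPLE) reports user1 for both the MD5 secret and the missing policy, and reports nothing for test_1.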

username

To configure a new user with a username, establish a password, associate a password policy with the user, grant permissions for the user, and enter username configuration mode, use the username command in XR Config mode or System Admin Config mode. To delete a user from the database, use the no form of this command.

username name

no username name

Syntax Description

username

Name of the user. The name argument can be only one word. Spaces and quotation marks are not allowed.

Command Default

No usernames are defined in the system.

Command Modes

Command History

Release    Modification
6.5.33     This command was introduced.

Usage Guidelines

Use the username command to identify the user and enter username configuration mode.

Task ID

Task ID    Operation
aaa        read, write

Examples

The following example shows the commands available after executing the username command:

RP/0/RP0/CPU0:router#config 
RP/0/RP0/CPU0:router(config)#username user1