Users Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series

1161

Enable the obscuring of passwords and keys, including RADIUS, TACACS+ keys, router authentication strings,

VRRP authentication, use the service obscure-passwords command.

Defaults Disabled.

Command Modes CONFIGURATION

Command History

This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking

OS Command Line Reference Guide.

Version Description

9.8(2.0) Introduced on the S3100 series.

9.8(1.0) Introduced on the Z9100-ON.

9.8(0.0P5) Introduced on the S4048-ON.

9.8(0.0P2) Introduced on the S3048-ON.

9.7(0.0) Introduced on the S6000-ON.

9.6(0.0) Introduced on the S4810, S4820T, S5000, S6000, Z9000, Z9500, MXL

Usage Information

By default, the service password-encryption command stores encrypted passwords. For greater

security, you can also use the service obscure-passwords command to prevent a user from reading the

passwords and keys, including RADIUS, TACACS+ keys, router authentication strings, VRRP authentication by

obscuring this information. Passwords and keys are stored encrypted in the configuration file and by default are

displayed in the encrypted form when the configuration is displayed. Enabling theservice obscure-

passwords command displays asterisks instead of the encrypted passwords and keys. This command prevents a

user from reading these passwords and keys by obscuring this information with asterisks.

Password obscuring masks the password and keys for display only but does not change the contents of the file.

The string of asterisks is the same length as the encrypted string for that line of configuration. To verify that you

have successfully obscured passwords and keys, use the show running-config command orshow

startup-config command.

If you are using role-based access control (RBAC), only the system administrator and security administrator roles

can enable the service obscure-password command.

Commands

• show running-config— Display the current configuration and display changes from the default values.

• service password-encryption— Encrypts all passwords configured in the system.

Authentication and Password Commands

To manage access to the system, use the following the commands.

aaa authentication enable

Configure AAA Authentication method lists for user access to EXEC privilege mode (the “Enable” access).

Syntax

aaa authentication enable {default | method-list-name} method [... method2]

To return to the default setting, use the no aaa authentication enable {default | method-

list-name} method [... method2] command.

Parameters

default Enter the keyword default then the authentication methods to use as the default

sequence of methods for the Enable login. The default is default enable.

method-list-name

Enter a text string (up to 16 characters long) to name the list of enabled authentication

methods activated at login.

method

Enter one of the following methods:

• enable: use the password the enable password command defines in

CONFIGURATION mode.

Security 1167