R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101
154
[Sysname-hwtacacs-hwt1]
key (HWTACACS scheme view)
Syntax
key { accounting | authentication | authorization } [ cipher | simple ] key
undo key { accounting | authentication | authorization }
View
HWTACACS scheme view
Default level
2: System level
Parameters
accounting: Sets the shared key for HWTACACS accounting packets.
authentication: Sets the shared key for HWTACACS authentication packets.
authorization: Sets the shared key for HWTACACS authorization packets.
key: Shared key, case-sensitive. Follow the following guidelines:
• With the cipher keyword specified, the key must be a ciphertext string of 1 to 352 characters, for
example, _(TT8F]Y\5SQ=^Q`MAF4<1!!.
• With the simple keyword specified, the key must be a plaintext string of 1 to 255 characters, for
example aabbcc. The FIPS mode does not support the simple keyword.
• With neither the cipher keyword nor the cipher keyword specified, the key must be a plaintext string,
and the key is displayed in cipher text.
• In FIPS mode, the key must be a ciphertext string of at least 8 characters that must contain uppercase
letters, lowercase letters, digits, and special characters, and is encrypted with the 3DES algorithm.
Description
Use key to set the shared key for HWTACACS authentication, authorization, or accounting packets.
Use undo key to remove the configuration.
By default, no shared key is configured.
The shared keys configured on the firewall must match those configured on the HWTACACS servers.
Related commands: display hwtacacs.
Examples
# Set the shared key for HWTACACS accounting packets to plain text hello for HWTACACS scheme
hwt1 and specify to display the key in plain text.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] key accounting simple hello
[Sysname-hwtacacs-hwt1] display this
#
hwtacacs scheme hwt1
key accounting simple hello
#