4000 Router Series Security Command Reference

password

Use password to configure a password for a local user.

Use undo password to delete the password of a local user.

Syntax

In non-FIPS mode:

password [ { cipher | hash | simple } password ]

undo password

In FIPS mode:

password

Default

In non-FIPS mode, there is no password configured for a local user and the user can pass authentication

after entering the correct username and passing attribute checks.

In FIPS mode, there is no password configured for a local user and the user cannot pass authentication.

Views

Local user view

Predefined user roles

network-admin

Parameters

cipher: Sets a ciphertext password.

hash: Sets a hashed password.

simple: Sets a plaintext password.

password: Specifies the password string. This argument is case sensitive.

• In non-FIPS mode:

{ A plaintext password is a string of 1 to 63 characters.

{ A hashed password is a string of 1 to 110 characters.

{ A ciphertext password is a string of 1 to 117 c h a ra ct e r s .

• In FIPS mode, a password is a plaintext string of 15 to 63 characters that must contain digits,

uppercase letters, lowercase letters, and special characters (see "Password control commands").

Usage guidelines

If you do not specify any the parameters or the device operates in FIPS mode, you enter the interactive

mode to set a plaintext password. Only device management users support passwords configured in

interactive mode.

A local user with no password configured directly passes authentication after providing the valid local

username and attributes. To enhance security, configure a password for each local user.

Device management users support plaintext and hashed passwords. Network access users support

plaintext and ciphertext passwords. For security purposes, all passwords, including passwords

configured in plain text, are saved in ciphertext, hashed or encrypted.