Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1675
Views
5
Helpful
10
Replies

Local Password Policy with Encrypted password

Go to solution
giridar
Level 1
Level 1

‎02-02-2021 06:05 AM

Hi All,

 

 I have enabled local aaa authentication and added password policy

is there any way to encrypt the password created using the policy

 

tried using password 7 but it gives an error saying that password cannot be blank

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to giridar

‎02-07-2021 11:34 PM

If currently your config does not contain service password-encryption can you add that? Have you been able to configure the user ID with a password? In show run what do you see for the user?

HTH

Rick

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎02-03-2021 11:06 AM

The part of the error message about the password can not be blank leads me to believe that the immediate issue is in how you attempted to configure the user name and password. Can you tell us exactly what you typed in when you attempted to configure this user?

 

I do not understand this part of your question "is there any way to encrypt the password created using the policy". Perhaps you can provide clarification about what policy you configured?

 

If you want to configure a user and encrypted password I would suggest that using the parameter "secret" rather than using password 7 would be more effective.

HTH

Rick
0 Helpful

Go to solution
giridar
Level 1
Level 1
In response to Richard Burts

‎02-03-2021 09:03 PM

sorry about that,

 

i enabled aaa authentication and configured a password policy 

 

aaa-new model
aaa authentication login default local
aaa authorization exec default local
aaa common-criteria policy policy1
char-changes 3
max-length 16
min-length 8
special-case 1
numeric-count 1
upper-count 1
lower-count 1

 

then tried to add user

user user1 privilege 15 common-criteria-policy policy1 password 7 password1

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to giridar

‎02-04-2021 06:07 AM

Thanks for the additional information. I believe that there are at least 2 issues that caused your attempt to configure the user to fail.

1) When you specify password 7 IOS expects the password to be already encrypted text. You might get that, for example, if you are doing copy/paste from an existing configuration into a new device. If the existing configuration specified service password encryption then the passwords would already have type 7 encryption. But your attempt asks for password 7 but has a plain text password. I would suggest that it would be better if you used this

user user1 privilege 15 common-criteria-policy policy1 secret password1

2) Your policy specifies that there should be at least one capital and 1 special case but the password you used has lower case and 1 number. So you might want something like this

user user1 privilege 15 common-criteria-policy policy1 secret Password1#

HTH

Rick
0 Helpful

Go to solution
giridar
Level 1
Level 1
In response to Richard Burts

‎02-04-2021 06:20 AM

thank you, when i run user user1 privilege 15 common-criteria-policy policy1 secret Password1#

it gives attached error

is there a way to generate a password 7 

Preview file
24 KB

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to giridar

‎02-04-2021 06:32 AM

I am surprised that the command to create a user does not accept the secret parameter. But your use of the help ? does show pretty clearly that it expects password and not secret. So use 

user user1 privilege 15 common-criteria-policy policy1 password Password1#

If your configuration contains the service password-encryption then I would expect that the result would be in the config file the user password would have type 7 encryption.

HTH

Rick
0 Helpful

Go to solution
giridar
Level 1
Level 1
In response to Richard Burts

‎02-07-2021 09:34 PM

thank you, currently there is no service password-encryption

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to giridar

‎02-07-2021 11:34 PM

If currently your config does not contain service password-encryption can you add that? Have you been able to configure the user ID with a password? In show run what do you see for the user?

HTH

Rick
0 Helpful

Go to solution
giridar
Level 1
Level 1
In response to Richard Burts

‎02-08-2021 03:34 AM

yes, i have configured service password-encryption and the password is now encrypted

 

thank you very much

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to giridar

‎02-08-2021 07:39 AM

You are welcome. I am glad that my suggestions were helpful and that you have now achieved what you were trying to accomplish. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick
0 Helpful

Go to solution
savvas.ap
Level 1
Level 1
In response to giridar

‎05-24-2022 06:00 AM

I have experienced the same issue. It does not allow me to set secret passwords like this username usertest common-criteria-policy TEST secret password123453a and accept only username usertest common-criteria-policy TEST password password123453a. I have already enabled the encryption service as well. any ideas why?

0 Helpful
Customers Also Viewed These Support Documents