Obscuring Passwords And Keys - Dell Z9000 Configuration Manual

10/25/40/50/100gbe throughput
Hide thumbs Also See for Z9000:
Table of Contents

Advertisement

To use local authentication for enable secret on the console, while using remote authentication on
VTY lines, issue the following commands.
The following example shows enabling local authentication for console and remote authentication for
the VTY lines.
Dell(config)# aaa authentication enable mymethodlist radius tacacs
Dell(config)# line vty 0 9
Dell(config-line-vty)# enable authentication mymethodlist
Server-Side Configuration
TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type
SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have
an entry for username $enable$.
RADIUS — When using RADIUS authentication, FTOS sends an authentication packet with the
following:
Username: $enab15$
Password: <password-entered-by-user>
Therefore, the RADIUS server must have an entry for this username.

Obscuring Passwords and Keys

By default, the service password-encryption command stores encrypted passwords. For greater
security, you can also use the service obscure-passwords command to prevent a user from reading
the passwords and keys, including RADIUS, TACACS+ keys, router authentication strings, VRRP
authentication by obscuring this information. Passwords and keys are stored encrypted in the
configuration file and by default are displayed in the encrypted form when the configuration is displayed.
Enabling the service obscure-passwords command displays asterisks instead of the encrypted
passwords and keys. This command prevents a user from reading these passwords and keys by obscuring
this information with asterisks.
Password obscuring masks the password and keys for display only but does not change the contents of
the file. The string of asterisks is the same length as the encrypted string for that line of configuration. To
verify that you have successfully obscured passwords and keys, use the show running-config
command or show startup-config command.
If you are using role-based access control (RBAC), only the system administrator and security
administrator roles can enable the service obscure-password command.
To enable the obscuring of passwords and keys, use the following command.
Turn on the obscuring of passwords and keys in the configuration.
CONFIGURATION mode
service obscure-passwords
Example of Obscuring Password and Keys
Dell(config)# service obscure-passwords
718
Security

Advertisement

Table of Contents
loading

Table of Contents