Cisco ASA Series CLI Configuration Manual, page 872

Software version 9.0 for the services module

Configuring AAA
Cisco ASA Series CLI Configuration Guide, Chapter 1: Configuring AAA Servers and the Local Database

Step 1

Command
username username {nopassword | password password [mschap]} [privilege priv_level]

Example:
hostname(config)# username exampleuser1 privilege 1

Purpose
Creates the user account. The username username keyword is a string from 4 to 64 characters long. The password password keyword is a string from 3 to 32 characters long. The mschap keyword specifies that the password is converted to Unicode and hashed using MD4 after you enter it. Use this keyword if users are authenticated using MS-CHAPv1 or MS-CHAPv2. The privilege level argument sets the privilege level, which ranges from 0 to 15. The default is 2. This privilege level is used with command authorization.

Caution: If you do not use command authorization (the aaa authorization console LOCAL command), then the default level 2 allows management access to privileged EXEC mode. If you want to limit access to privileged EXEC mode, either set the privilege level to 0 or 1, or use the service-type command (see Step 5).

The nopassword keyword creates a user account with no password.

The encrypted and nt-encrypted keywords are typically for display only. When you define a password in the username command, the ASA encrypts it when it saves it to the configuration for security purposes. When you enter the show running-config command, the username command does not show the actual password; it shows the encrypted password followed by the encrypted or nt-encrypted keyword (when you specify mschap). For example, if you enter the password "test," the show running-config output would appear as something similar to the following:

username user1 password DLaUiAX3l78qgoB5c7iVNw== nt-encrypted

The only time you would actually enter the encrypted or nt-encrypted keyword at the CLI is if you are cutting and pasting a configuration file for use in another ASA, and you are using the same password.
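
As an added example (not from the Cisco guide), the following Python audit reads saved show running-config text and flags the account settings this step describes: nopassword accounts, MD4-hashed (nt-encrypted) passwords, and privilege level 2 or higher when the aaa authorization console LOCAL line is absent. The sample configuration, hash placeholders and function names are constructed for illustration, and the check assumes no service-type restriction has been applied to the account.

```python
import re

# Constructed sample in the style of show running-config output (not from a real device).
# The user1 line is the one shown in the guide; the other hashes are placeholders.
SAMPLE_CONFIG = """\
username admin1 password PLACEHOLDERHASH1 encrypted privilege 15
username user1 password DLaUiAX3l78qgoB5c7iVNw== nt-encrypted
username kiosk nopassword privilege 1
username helpdesk password PLACEHOLDERHASH2 encrypted privilege 1
"""

USER_RE = re.compile(
    r"^username\s+(?P<name>\S+)\s+"
    r"(?:(?P<nopw>nopassword)"
    r"|password\s+\S+(?:\s+(?P<enc>encrypted|nt-encrypted|mschap))?)"
    r"(?:\s+privilege\s+(?P<priv>\d+))?\s*$"
)
DEFAULT_PRIVILEGE = 2  # default stated in the guide
CMD_AUTHZ_LINE = "aaa authorization console LOCAL"  # command named in the caution


def audit_usernames(config_text):
    """Return a sorted list of (username, finding) tuples for risky local accounts."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    cmd_authz = CMD_AUTHZ_LINE in lines
    findings = []
    for ln in lines:
        m = USER_RE.match(ln)
        if not m:
            continue  # not a username line
        name = m["name"]
        priv = int(m["priv"]) if m["priv"] else DEFAULT_PRIVILEGE
        if m["nopw"]:
            findings.append((name, "no password set"))
        if m["enc"] in ("nt-encrypted", "mschap"):
            findings.append((name, "password stored as MD4 hash (MS-CHAP)"))
        # Per the caution: without command authorization, level 2 and up
        # allows management access to privileged EXEC mode.
        if not cmd_authz and priv >= 2:
            findings.append((name, f"privilege {priv} reaches privileged EXEC"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_usernames(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```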
