From: Shanky (shankyz@gmail.com)
Date: Wed Oct 05 2005 - 02:56:56 GMT-3
No, service password-encryption is off....
SW1(config)#enable password level 3 0 test3
% Converting to a secret. Please use "enable secret" in the future.
SW1(config)#^Z
SW1#sh run
19:06:42: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...
Current configuration : 1652 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW1
!
enable secret level 3 5 $1$Vbgi$q.7qPTB1R9U/fc.XmP2tn/
!
On 10/5/05, Venkatesh Palani <kvpalani@gmail.com> wrote:
>
> Hi,
> Service password-encryption converts all the password to type 5. I wonder
> if there is a chance for this to be slipped into your configuration (
> probably retainned from old configuration ...by chance)
> Regards,
> Kven
>
> On 10/5/05, Shanky <shankyz@gmail.com> wrote:
>
> > Thanks Arun,
> > But I think we can use the same hash for the enable secret password on 2
> > routers by cutting and pasting from the 2nd router to the 1st one.
> > The task I was trying was ,,,
> > 1. Configure enable password ( Not the secret password )
> > enable password level 2 0 test
> > The router automatically converted it to type 5 hash , now if we are
> > prohibited from using the enable secret command on the 2nd router, how
> > do we
> > set it up for using the same password as the 1st one ? Assume that we
> > cant
> > use the plain text password, and we cant use the md5 hash from the 1st
> > router also as we dont know the type7 hash for the password and enable
> > password command doesnt have any option for specifying the type 7 hash.
> > So, I guess the only way
> > 1. Use enable secret with Type 5 hash and copy/paste it from the other
> > router.
> > 2. Use enable secret with plain text password
> > 3. Use enable password with plain text password.
> > Thanks
> > Shanky
> >
> > On 10/4/05, Arun Arumuganainar <aarumuga@hotmail.com> wrote:
> > >
> > > Hi Shanky ,
> > >
> > > Type 5 secret password encryption uses MD5 encryption . So original
> > > password
> > > will get discarded after encryption . This means u can not cut and
> > paste
> > > enable secret password accross various routers .
> > >
> > > This is for the same reason type5 passwords can not be used with PPP
> > > username passwords .
> > >
> > > Thanks and Regards
> > > Arun
> > > ----- Original Message -----
> > > From: "Shanky" < shankyz@gmail.com>
> > > To: "lab" <ccielab@groupstudy.com>
> > > Sent: Monday, October 03, 2005 12:57 PM
> > > Subject: setting up enable password using encrypted password
> > >
> > >
> > > > Hi,
> > > > Just trying to setup enable password for different priv levels using
> > > > encrypted values , observed the following.
> > > > 1. on SW1 , did enable password level 2 0 test
> > > > the switch convers it to secret and the running config shows
> > > > enable secret level 2 5 $1$9H9z$IYx/gwpnxk5.MnnP3CVNn0
> > > > now .if I want to set the same password on say switch 2 but I am
> > > > prohibited from using enable secret command..
> > > > I did ..
> > > > on SW2,
> > > > enable password level 2 $1$jTcA$oHHlPh05wjdzi2sN7vS7t/ as shown
> > below ..
> > > but
> > > > got the error message .
> > > > SW1(config)#enable pass le
> > > > SW1(config)#enable pass level 2 7 $1$jTcA$oHHlPh05wjdzi2sN7vS7t/
> > > > % Converting to a secret. Please use "enable secret" in the future.
> > > > Invalid encrypted password: $1$jTcA$oHHlPh05wjdzi2sN7vS7t/
> > > > So, if the requirement is to have the same password on 2 devices and
> > we
> > > > have to use ..say an encrypted password on the 2nd device, the only
> > way
> > > it
> > > > seems is
> > > > enable secret level 2 5 $1$jTcA$oHHlPh05wjdzi2sN7vS7t/ ----- on the
> > 2nd
> > > > device
> > > > so when/where do we use the enable password 7 .... command ?
> > > > Can anyone explain ?
> > > > TIA
> > > > Shanky
> > > >
> > > >
> > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:49 GMT-3