Secret 0 5 secret no secret 0 5 secret | Cisco Systems XR manual

Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

secret

secret

To create a secure login secret for a user, use the secret command in username or line configuration mode. To remove the secure secret, use the no form of this command.

secret {0 5} secret no secret {0 5} secret

Syntax Description	0	Specifies that an unencrypted (clear text) secure secret follows.
	5	Specifies that an encrypted secure secret follows.

	secret	Character-string secret to be entered by the user to log in.

Defaults

Command Modes

Command History

No password is specified.

Username configuration

Line configuration

Release	Modification
Release 2.0	This command was introduced on the Cisco CRS-1.

Release 3.0	No modification.

Release 3.2	This command was supported on the Cisco XR 12000 Series Router.

Release 3.3.0	The password argument was replaced with the secret argument.

Usage Guidelines To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

You can specify one of two types of secure secrets: encrypted or clear text.

When an EXEC process is started on a line that has password protection, the process prompts for the secret. If the user enters the correct secret, the process issues the prompt. The user can try three times to enter a secret before the process exits and returns the terminal to the idle state.

Secrets are one-way encrypted and should be used for applications such as login that do not need a decryptable secret.

Note The show running command does not display the login password in clear text when the 0 option is used to specify an unecrypted password.

Task ID	Task ID	Operations
	aaa	read, write

Cisco IOS XR System Security Command Reference

SR-50

Image 50

Cisco Systems XR manual Secret 0 5 secret no secret 0 5 secret, SR-50

Contents

SR-1 Aaa accounting SR-2 SR-3 Creates a method list to be used for authorizationAaa Read, write Aaa accounting system default SR-4 SR-5 Creates a method list for authenticationCreates a method list for authorization Aaa authentication SR-6 SR-7 Radius, group named-group,local, or line optionsCreates a method list for accounting Command Description SR-8 Local Aaa authorizationNetwork SR-9 SR-10 Which specifies that TACACS+ authorization is used SR-11 Aaa default-taskgroup SR-12 Aaa group server radius SR-13 Comprises three member servers SR-14 Aaa group server tacacs+ SR-15 SR-16 SR-17 Aaa accounting commandAccounting List named listname2 on a line template named configure SR-18 SR-19 AuthorizationAuthorization command Listname4 on a line template named configure SR-20 SR-21 Deadtime server-group configurationDeadtime minutes no deadtime Related Commands Description SR-22 SR-23 Description AAADescription string No description Taskgroup SR-24 Group SR-25 Task ID Examples SR-26 Inherit taskgroup SR-27 SR-28 SR-29 Inherit usergroupInherit usergroup usergroup-name Sales user group SR-30 SR-31 Login authenticationAuthentication login command SR-32 SR-33 Password AAAPassword 0 7 password No password 0 7 password SR-34 Radius-server dead-criteria time SR-35 SR-36 Radius-server dead-criteria tries SR-37 Dead-criteria time SR-38 SR-39 Radius-server deadtimeRadius-server deadtime minutes No radius-server deadtime SR-40 Retransmit retries Timeout secondsRadius-server host SR-41 SR-42 SR-43 Radius-server key SR-44 Specifies a Radius server host SR-45 Radius-server retransmit SR-46 SR-47 Radius-server timeoutRadius-server timeout seconds No radius-server timeout Radius source-interface SR-48 Outgoing Radius packets SR-49 SR-50 SecretSecret 0 5 secret no secret 0 5 secret SR-51 Server Radius SR-52 SR-53 Server TACACS+ SR-54 Groups different TACACS+ server hosts into distinct lists SR-55 Show aaa SR-56 SR-57 Aaa usergroup operator SR-58 Displays task IDs enabled for the currently logged-in user SR-59 Show radius If no radius servers are configured, no output is displayedShow radius SR-60 Field Description SR-61 SR-62 Show radius accountingShow radius accounting Show radius authentication SR-63 SR-64 Show radius authenticationShow radius authentication Show radius accounting SR-65 SR-66 Show radius clientShow radius client SR-67 Show radius dead-criteria SR-68 SR-69 Show radius server-groups No default behavior or valuesShow radius server-groups SR-70 Field Description SR-71 SR-72 Show tacacsShow tacacs SR-73 SR-74 Show tacacs server-groupsShow tacacs server-groups SR-75 SR-76 Show task supportedShow task supported SR-77 Ouni pkg-mgmt pos-dpt ppp Show user SR-78 SR-79 User all SR-80 SR-81 Tacacs-server host SR-82 SR-83 SR-84 Tacacs-server keyTacacs-server key key-nameno tacacs-server key Specifies a TACACS+ host SR-85 SR-86 Tacacs-server timeoutTacacs-server timeout seconds No tacacs-server timeout Tacacs source-interface SR-87 Aaa group server radius SR-88 Execute TaskWrite Debug SR-90 Taskgroup SR-91 SR-92 Creates a task group description in task configuration modeAdds a task ID to a task group Timeout login response SR-93 Enables AAA authentication for logins SR-94 Usergroup SR-95 Creates a description of a task group during configuration SR-96 Username SR-97 Adds a user to a group Defines a method list for authenticationCreates a login password for a user SR-98 Users group SR-99 Given operator privileges SR-100