set authentication password

Function

The set authentication password command configures a local authentication password.

The undo set authentication password command cancels the local authentication password.

By default, no local authentication password is configured for devices.

Format

set authentication password [ cipher password ]

undo set authentication password

Parameters

Parameter	Description	Value
cipher	Indicates a password in cipher text.	-
password	Specifies the password.	The value is a string of 8 to 16 characters or a string of 56 or 68 characters. The password can be in plain or cipher text. The password in plain text is a string of 8 to 16 characters. The password must contain at least two types of the following characters: upper-case characters, lower-case characters, digits, and special characters. Special characters do not include the question mark (?) and space. The password in cipher text is a string of 56 or 68 characters. The password in cipher text must start with $1a$ and end with $, or start with %^%# and end with %^%#. NOTE: If the source version supports a ciphertext password that is a string of 24 characters, the target version also supports this type of password. The password is displayed in cipher text in the configuration file regardless of whether it is input in plain text or cipher text.

Views

User interface view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If password authentication is configured for users, you can run the set authentication password command to change the password or set a password in cipher text.

If cipher password is not specified, the password is entered in interactive mode and can contain 8 to 16 characters. The requirements for the password are the same as the requirements for the password in plain text that is specified using the cipher parameter. The password you enter will not be displayed on the screen.

If you enter the plain text password when specifying cipher password, security risks exist. The interactive mode is recommended when users enter the password.

Pre-configuration Tasks

Password authentication has been configured for the user interface.

Precautions

If a password in cipher text is configured, users must obtain the password in plain text that is required for login authentication.
You cannot run the undo set authentication password command to delete a password. The undo set authentication password command is retained for compatibility with other versions.
If the password authentication is configured but the password is not configured for the user interface, the user cannot log in to the device.
If the set authentication password command is executed multiple times, the latest configuration overrides the previous ones. You can run the set authentication password command to change the local authentication password. After the password is changed, a user who wants to log in to the device must enter the latest password for login authentication.
Users can press CTRL_C to cancel password modification in the interaction mode.
You are advised to change the password periodically to improve device security.

Example

# Set a local authentication password for the user interfaces VTY 0-4 in interactive mode.

<HUAWEI> system-view
[HUAWEI] user-interface vty 0 4
[HUAWEI-ui-vty0-4] set authentication password
Warning: The "password" authentication mode is not secure, and it is strongly recommended to use "aaa" authentication mode.
Please configure the login password (8-16)
Enter Password:
Confirm Password:
[HUAWEI-ui-vty0-4]

# Set a local authentication password for the user interfaces VTY 0-4.

<HUAWEI> system-view
[HUAWEI] user-interface vty 0 4
[HUAWEI-ui-vty0-4] set authentication password cipher Huawei@123
Warning: The "password" authentication mode is not secure, and it is strongly recommended to use "aaa" authentication mode.