set authentication password

Function

The set authentication password command configure the authentication password.

By default:

After a user logs in to a device for the first time, the device displays a message indicating that an authentication password has been set for the user. This password is called a local authentication password.
When a user logs in to a device for the first time and has not set an authentication password, no authentication password exists for the user on the device.

Format

set authentication password

set authentication password cipher password

undo set authentication password

Parameters

Parameter	Description	Value
cipher password	Specifies the password for the user interface. The authentication password displayed in ciphertext is irreversible.	When cipher is not entered, password input is in man-machine interaction mode, and the system does not display the entered password. The password is a string of 8 to 16 case-sensitive characters. The password must contain at least two of the following characters: upper-case character, lower-case character, digit, and special character. Special character except the question mark (?) and space. However, when double quotation marks are used around the password, spaces are allowed in the password. Double quotation marks cannot contain double quotation marks if spaces are used in a password. Double quotation marks can contain double quotation marks if no space is used in a password. For example, the password "a123"45"" is valid, but the password "a 123"45"" is invalid. When cipher is entered, the password is displayed in either plaintext or ciphertext during input. When being input in plaintext, the password requirements are the same as those when cipher is not entered. When you input a password in simple text, the system displays the password in simple text mode, which brings risks. When being input in ciphertext, the password must be a string of 48 to 128 consecutive characters. The password is displayed in ciphertext in the configuration file regardless of whether it is input in plaintext or cipher text.

Parameter

Description

Value

cipher password

Specifies the password for the user interface. The authentication password displayed in ciphertext is irreversible.

When cipher is not entered, password input is in man-machine interaction mode, and the system does not display the entered password.
The password is a string of 8 to 16 case-sensitive characters. The password must contain at least two of the following characters: upper-case character, lower-case character, digit, and special character.

Special character except the question mark (?) and space. However, when double quotation marks are used around the password, spaces are allowed in the password.
- Double quotation marks cannot contain double quotation marks if spaces are used in a password.
- Double quotation marks can contain double quotation marks if no space is used in a password.
For example, the password "a123"45"" is valid, but the password "a 123"45"" is invalid.
- When cipher is entered, the password is displayed in either plaintext or ciphertext during input.
- When being input in plaintext, the password requirements are the same as those when cipher is not entered. When you input a password in simple text, the system displays the password in simple text mode, which brings risks.
- When being input in ciphertext, the password must be a string of 48 to 128 consecutive characters.
The password is displayed in ciphertext in the configuration file regardless of whether it is input in plaintext or cipher text.

Views

VTY-type user interface view

Default Level

3: Management level

Task Name and Operations

Task Name	Operations
tty	write

Usage Guidelines

Usage Scenario

By default, you need no password authentication if you log in to the device through the Console interface, but you must provide correct password for authentication when you log in to the device through the VTY user interface. Otherwise, you cannot log in to the device successfully. You can use the set authentication password command to set the authentication password to ensure that authorized users can log in to the device securely.

If you cancel the authentication mode configured for login to the console user interface view using the undo authentication-mode command, you cannot change the authentication password using the set authentication password command.
If the protocol supported by the user interface is set to SSH in the protocol inbound command, the system displays an error message after you run the set authentication password command. Run the protocol inbound command to change the protocol supported by the user interface before running the set authentication password command.

Prerequisites

Before using the set authentication password command, ensure that the authentication mode in the user interface is password. If the authentication mode of the user interface is not password, run the authentication-mode password command in the user interface view to change the mode to password in the VTY user interface view.

Precautions

If the set authentication password command is run for multiple times, and only the latest configuration takes effect. When logging in to the device again, you must enter the correct password so that the authentication can be successful, and you can successfully log in to the device.
If the set authentication password command is executed to set or change the login password, you will be forced to change the password upon next login.
The password authentication mode poses risks. You are advised to use aaa. To change the authentication mode to aaa, run the authentication-mode password command in the VTY user interface view.
To ensure device security, change the password regularly.
After the weak password dictionary maintenance function is enabled, the passwords (which can be queried using the display security weak-password-dictionary command) defined in the weak password dictionary are unavailable.
If the password is changed through other login methods, the system displays the following message, prompting you to change the password if you log in to the console port for the first time:

Warning: The initial password poses security risks.

The password needs to be changed. Change now? [Y/N]:

The message disappears only after the password is changed through the console port.

Example

# Modify the local authentication password for the user interface vty 0 to vty 4 as Hello-huawei.

<HUAWEI> system-view
[~HUAWEI] user-interface vty 0 4
[~HUAWEI-ui-vty0-4] authentication-mode password
[*HUAWEI-ui-vty0-4] set authentication password
Please configure the login password (8-16)
Enter password:
Confirm password:

# Modify the local authentication password for the user interface console 0 as Hello-huawei.

<HUAWEI> system-view
[~HUAWEI] user-interface console 0
[~HUAWEI-ui-console0] authentication-mode password
[*HUAWEI-ui-console0] set authentication password cipher Hello-huawei123