Options
What is the purpose of Enable Password?
hix18
Member Posts: 16 ■□□□□□□□□□
in CCNA & CCENT
Hi,
I have been trying to find the answer for this question :
What is the purpose of Enable Password if we already configured
Enable Secret? Why do we need to put both of this in our command?
Note : Enable password is a clear text password to be able to access to privillage mode but if you put Enable secret (using hashing method to encrypt) is will basicly overide your Enable password. So you have both of this passwords set and when you need to go to privillage mode you will be using Enable secret.
Hope someone can explain to me.
Thanx
I have been trying to find the answer for this question :
What is the purpose of Enable Password if we already configured
Enable Secret? Why do we need to put both of this in our command?
Note : Enable password is a clear text password to be able to access to privillage mode but if you put Enable secret (using hashing method to encrypt) is will basicly overide your Enable password. So you have both of this passwords set and when you need to go to privillage mode you will be using Enable secret.
Hope someone can explain to me.
Thanx
Here to learn.....
Comments
-
Optionsagustinchernitsky
Member Posts: 299
From what I read... is for compatibility for older IOS. Don't know why we have to use it, but, to be safe, you should... and should encrypt it too.
-
Optionshix18
Member Posts: 16 ■□□□□□□□□□
Ohh.. You mean that the old IOS does not support Enable Secret...
Do you know which IOS version?
thanx manHere to learn..... -
Optionsdarkuser
Member Posts: 620 ■■■□□□□□□□
-
Optionshix18
Member Posts: 16 ■□□□□□□□□□
Yup....you have solve my question
Thanx man....Here to learn..... -
Optionsagustinchernitsky
Member Posts: 299
Acording to Sybex CCNA guide:Password: Sets the enable password on older, pre-10.3 systems, and isn’t ever used if an enable secret is set.
Secret: Is the newer, encrypted password that overrides the enable password if it’s set.
It also recommends to encrypt the enable password and all user mode passwords:Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#service password-encryption Router(config)#^Z Router#sh run Building configuration... Router#config t Router(config)#no service password-encryption Router(config)#^Z
-
Optionsforbesl
Member Posts: 454
While it is good practice to encrypt all of your passwords, you need to know that (with the exception of the enable secret password) all passwords you encrypt using "service password-encryption" are easily cracked. The enable secret is the only password that uses an MD5 hash.agustinchernitsky wrote:
It also recommends to encrypt the enable password and all user mode passwords: -
Optionsdarkuser
Member Posts: 620 ■■■□□□□□□□
if i run setup and am forced to set an enable pass,
i usually set it to cisco and then immediately
no enable pass ...... when i"m done with setup.rm -rf / -
Optionshix18
Member Posts: 16 ■□□□□□□□□□
I also found out that the purpose for us to configure the both Enable
password and Enable secret is because of security.
Imagine you only configure Enable secret and someone downgrade ur IOS then you will not be able to login to your saved configuration.
So that why it wise to configure both Enable password and Enable secret.
Correct me if I'm wrong here....Here to learn..... -
Optionswildfire
Member Posts: 654
Imagine you only configure Enable secret and someone downgrade ur IOS then you will not be able to login to your saved configuration.
So that why it wise to configure both Enable password and Enable secret.
Nice try, but if someone can get it to downgrade the ios then either A. They already know the enable secret, or B. They are at the router and have done the password recovery procedure and have access anyway.
The setup script has hardly changed between IOS's, If you dont use the setup script then its not a requirement to use the normal enable.Looking for CCIE lab study partnerts, in the UK or Online.
