password-map
This command manages the mapping of encrypted passwords to password aliases in a password map file.
Syntax
- Interactively add an entry to the password map file.
- password-map
- Delete an entry from the password map file.
- delete password-map alias
- Delete the password map file.
- no password-map
Parameters
- alias
- The alias is the reference to a password.
Guidelines
The password-map command maps the encrypted password to a password alias in a password map file.
The password map and the locally generated key are saved to separate files on the appliance. Plaintext passwords are not saved on the appliance. Password maps are typically used to protect key and certificate files.
- In commands that use plaintext, or unencrypted, passwords, the password argument is used to open and read the corresponding file.
- In commands that use encrypted passwords, the password-alias argument is the search criteria for the password map file to identify its associated encrypted password. Then the encrypted password is decrypted with the locally generated host key to yield the plaintext password. This password is used to open and read the corresponding file.
An attempt to reference an encrypted password that is not found in the password map results in command failure.
alias:password pairs.
alias
- Specifies the name of the alias. This name must consist of alphanumeric characters and cannot contain white space. The length is limited to 127 characters.
password
- Specifies the plaintext password. This password must consist of alphanumeric characters but can contain white space (spaces or tabs). Leading and trailing white space is ignored. The length is limited to 127 characters.
You must ensure that synchronization is maintained between the startup configuration and the password map file. You must use the password-map command to generate and encrypt aliases for certificate or key passwords before the certificate or key commands can access files that are protected by an encrypted password. An attempt to reference an encrypted password that is not in the password map results in failure.
Deletion of the password map and host key file has no immediate effect on keys and certificates that are in memory. At restart, however, key and certificate commands that contain references to aliases in the deleted password map fail unless a new password map was created with the same aliases.
Use the no password-map command to delete the password map and host key files.
Examples
- Create a password map and generate the host key to encrypt the two plaintext passwords.
    # password-map
    Please enter alias-name and plaintext password pairs
     - Enter a blank alias name to finish
    Alias-name: towson
    Plaintext password: ********
    Re-enter plaintext password: ********
    Alias-name: dundaulk
    Plaintext password: ********
    Re-enter plaintext password: ********
    Alias-name:
    Password-map saved (2 entries)
- Confirm the creation of the password map.
    # show password-map
    2 password-map aliases
    towson
    dundaulk
- Add another alias-password pair to the password map.
    # password-map
    A password-map already exists, overwrite? Yes/No [y/n]: n
    Appending to current password map...
    Please enter alias-name and plaintext password pairs
     - Leading and trailing white space is removed
    Alias-name: columbia
    Plaintext password: ********
    Re-enter plaintext password: ********
    Alias-name:
    Password-map saved (3 entries)
- Delete the entry associated with the columbia alias.
    # delete password-map columbia
    Deleted passwrod-map alias 'columbia'
    password-map saved : 2 entry(s)
- Delete the password map.
    # no password-map
    Are you sure you want to remove the password-map? Yes/No [y/n]: y
    Deleted saved password-map
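
The Guidelines require the startup configuration and the password map file to stay synchronized, because a reference to an alias that is not in the map fails. The following Python script audits that requirement by comparing the aliases that a saved configuration references with the aliases that show password-map reports. It is an added example, not code from the original page or from the product; the configuration line layout, object names, and file names are assumptions, and the sample data is constructed.

```python
import re

# Alias rule from the Guidelines: alphanumeric, no white space, at most 127 characters.
ALIAS_RULE = re.compile(r"[A-Za-z0-9]{1,127}")

def parse_show_output(text):
    """Alias names from `show password-map` output (header line, then alias names)."""
    aliases, expected = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # skip blanks and the echoed command
            continue
        header = re.fullmatch(r"(\d+) password-map aliases", line)
        if header:
            expected = int(header.group(1))
        else:
            aliases.extend(line.split())           # aliases cannot contain white space
    if expected is not None and expected != len(aliases):
        raise ValueError(f"header says {expected} aliases, parsed {len(aliases)}")
    return aliases

def referenced_aliases(config_text):
    """Every value that follows a password-alias argument (assumed token layout)."""
    return re.findall(r"\bpassword-alias\s+(\S+)", config_text)

def audit(config_text, show_text):
    known = set(parse_show_output(show_text))
    used = referenced_aliases(config_text)
    return {
        "missing": sorted(set(used) - known),      # references that fail at restart
        "unused": sorted(known - set(used)),       # mapped but never referenced
        "invalid": sorted({a for a in used if not ALIAS_RULE.fullmatch(a)}),
    }

# Constructed sample data: the show output follows the Examples section; the
# configuration lines are hypothetical and only illustrate the password-alias argument.
SHOW_OUTPUT = """# show password-map
2 password-map aliases
towson
dundaulk
"""
CONFIG = """key alice alice-key.pem password-alias towson
key bob bob-key.pem password-alias columbia
key dave dave-key.pem password-alias bad_alias!
"""

if __name__ == "__main__":
    for finding, names in audit(CONFIG, SHOW_OUTPUT).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```

Run the audit before a restart or after the password map is deleted and re-created; any alias listed under "missing" must be added with password-map before the key or certificate commands that reference it can succeed.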