Allied Telesis AT-8100 Series User Manual

Chapter 84: Local Manager Accounts

1380

Password encryption is activated with the SERVICE PASSWORD-
ENCRYPTION command and deactivated with the NO SERVICE
PASSWORD-ENCRYPTION command, both of which are found in the
Global Configuration mode. When you activate password encryption with
the SERVICE PASSWORD-ENCRYPTION command, the switch
searches the running configuration for plaintext passwords and encrypts
them. It also automatically encrypts the plaintext passwords of new
manager accounts.

When you deactivate password encryption with the NO SERVICE
PASSWORD-ENCRYPTION command, the switch searches the running
configuration and decrypts passwords that were initially created in
plaintext.

Decrypting passwords can pose a security risk because managers can
issue the NO SERVICE PASSWORD-ENCRYPTION command to see the
passwords of the other accounts. To permanently encrypt passwords so
that they remain in that form, even if someone issues the command, enter
them in their encrypted form when you create the manager accounts or
activate command mode restriction. This is illustrated in the examples in
the next section.