[nsp] cisco password hash problems?
John Osmon
josmon at rigozsaurus.com
Mon Apr 12 18:53:42 EDT 2004
I recently started running c7200-k91p-mz.122-18.S4.bin on a 7206.
Once booted, I wasn't able to login with a one of the locally defined
usernames. Resetting the password fixed things, but the fact that it
happened at all annoyed me.
With a little experimentation, I finally found out that the particular
hash that I had was the problem.
- It works fine in the older IOS version, but always fails with the newer.
- I created a new hash by using the same password on the older IOS,
and had no problem when booting the new IOS
- I created a new hash with the same password using the newer IOS
and was able to login with either IOS version booted
It's gotten me spooked enough that our new template for upgrading
routers (especially remote ones) has a couple of new steps at the
beginning:
- no service password-encryption
- username yyy password <new password>
- write
Once the upgrade is done, we'll add back 'service password-encryption'.
Has anyone else experienced this problem? IOS details and the password
hash are available to any of the Cisco folks that want to disect
things...
More information about the cisco-nsp
mailing list