How to change user passwords on the command line?

Discussion in 'Cisco' started by Doug, Jul 8, 2004.

  1. Doug

    Doug Guest

    Probably a really dumb question, but what is the IOS command a user can
    use to change their own passwords on the command line on a Cisco router?

    We have TACACS set up but for some reason it's misbehaving and won't
    allow use of the "apply password change rule" flag which forces users to
    change their password at first login. If this flag is on, the accounts
    expire immediately. So we unset it, set the password in TACACS and tell
    the user. Problem is that the sysadmin knows the password, the user
    can't change it, and the user knows that the sysadmin knows the
    password. Not an ideal security situation.

    Anyway, a way past that would be getting the users to change their
    passwords via the command line, but no-one seems to know how it's done.
    The other twist is that we only use ssh access to the routers. We used
    to have telnet access during the initial roll-out phase, and there was a
    way to do it there, by pressing return when prompted for the password,
    it went through the password change.

    If this needs enable mode, we could grant this short-term to the user to
    allow them to do it - whatever it takes really, as it's causing a major
    headache for the sysadmins.

    We're also aware of the User Change Password module for TACACS, but
    we're some time away from getting that in place. We need something in
    the meantime.

    So it seems to boil down to a simple question: What is the IOS command a
    user would enter to change his own password on the command line?

    Sounds simple enough, but imagine a bunch of sysadmins with no Cisco
    knowledge trying to work it out. We've been all round the web, twice!,
    and nothing. If anyone has an answer, you'll be saving the sanity of 5
    very annoyed sysadmins.

    Doug, Jul 8, 2004

  2. Doug

    MA Guest

    On our setup, when you log in you type your username and enter an empty
    password (i.e., just press return), and it prompts for the old password and
    the new password.
    MA, Jul 14, 2004

  3. Doug

    Doug Guest

    That only works if you telnet to a router, not SSH, unfortunately.
    Doug, Jul 14, 2004