 Feedback
|
Table Of Contents
Software Authentication Manager Commands on Cisco IOS XR Software
Software Authentication Manager Commands on Cisco IOS XR Software
This module describes the Cisco IOS XR software commands used to configure Software Authentication Manager (SAM).
For detailed information about SAM concepts, configuration tasks, and examples, see the Configuring Software Authentication Manager on Cisco IOS XR Software configuration module.
sam add certificate
To add a new certificate to the certificate table, use the sam add certificate command in EXEC mode.
sam add certificate filepath location {trust | untrust}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
For security reasons, the sam add certificate command can be issued only from the console or auxiliary port of the networking device; the command cannot be issued from a Telnet connection to any other interface on the networking device.
The certificate must be copied to the network device before it can be added to the certificate table. If the certificate is already present in the certificate table, the SAM rejects the attempt to add it.
When adding root certificates, follow these guidelines:
•
Only the certificate authority (CA) root certificate can be added to the root location.
•
Use of the trust keyword assumes that you received the new certificate from a source that you trust, and therefore have enough confidence in its authenticity to bypass validation by the SAM. One example of acquiring a certificate from a trusted source is downloading it from a CA server (such as Cisco.com) that requires user authentication. Another example is acquiring the certificate from a person or entity that you can verify, such as by checking the identification badge for a person. If you bypass the validation protection offered by the SAM, you must verify the identity and integrity of the certificate by some other valid process.
Certificates added to the memory (mem) location validate software installed in memory. Certificates added to the disk0 or disk1 location validate software installed on those devices, respectively.
Note
Task ID
Examples
The following example shows how to add the certificate found at /bootflash/ca.bin to the certificate table in the root location without first validating the certificate:
RP/0/RP0/CPU0:router# sam add certificate /bootflash/ca.bin root trustSAM: Successful adding certificate /bootflash/ca.binThe following example shows how to add the certificate found at /bootflash/css.bin to the certificate table in the memory (mem) location after validating the certificate:
RP/0/RP0/CPU0:router# sam add certificate /bootflash/css.bin mem untrustSAM: Successful adding certificate /bootflash/css.binRelated Commands
sam delete certificate
To delete a certificate from the certificate table, use the sam delete certificate command in EXEC mode.
sam delete certificate location certificate-index
Syntax Description
location
Storage site of the certificate. Use one of the following: root, mem, disk0, disk1, or other flash device on router.
certificate-index
Number in the range from 1 to 65000.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
For security reasons, the sam delete certificate command can be issued only from the console port of the networking device; the command cannot be issued from a Telnet connection to any other interface on the networking device.
Use the show sam certificate summary command to display certificates by their index numbers.
Because the certificate authority (CA) certificate must not be unknowingly deleted, the Software Authentication Manager (SAM) prompts the user for confirmation when an attempt is made to delete the CA certificate.
If a certificate stored on the system is no longer valid (for example, if the certificate has expired), you can use the sam delete certificate command to remove the certificate from the list.
Task ID
Examples
The following example shows how to delete the certificate identified by the index number 2 from the memory location:
RP/0/RP0/CPU0:router# sam delete certificate mem 2SAM: Successful deleting certificate index 2The following example shows how to cancel the deletion of the certificate identified by the index number 1 from the root location:
RP/0/RP0/CPU0:router# sam delete certificate root 1Do you really want to delete the root CA certificate (Y/N): NSAM: Delete certificate (index 1) canceledThe following example shows how to delete the certificate identified by the index number 1 from the root location:
RP/0/RP0/CPU0:router# sam delete certificate root 1Do you really want to delete the root CA certificate (Y/N): YSAM: Successful deleting certificate index 1Related Commands
Adds a new certificate to the certificate table.
Displays records in the certificate table, including the location of the certificates stored.
sam prompt-interval
To set the interval that the Software Authentication Manager (SAM) waits after prompting the user for input when it detects an abnormal condition at boot time and to determine how the SAM responds when it does not receive user input within the specified interval, use the sam prompt-interval command in global configuration mode. To reset the prompt interval and response to their default values, use the no form of this command.
sam prompt-interval time-interval {proceed | terminate}
no sam prompt-interval time-interval {proceed | terminate}
Syntax Description
Defaults
The default response is for the SAM to wait 10 seconds and then terminate the authentication task.
Command Modes
Global configuration
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
Use the sam prompt-interval command to control the action taken when the system detects an exception condition, such as an expired certificate during initialization of the SAM at boot time. The following message appears when the software detects the abnormal condition of a certificate authority (CA) certificate expired:
SAM detects expired CA certificate. Continue at risk (Y/N):The SAM waits at the prompt until you respond or the time interval controlled by the sam prompt-interval command expires, whichever is the earlier event. If you respond "N" to the prompt, the boot process is allowed to complete, but no packages can be installed.
The following message appears when the software detects the abnormal condition of a Code Signing Server (CSS) certificate expired:
SAM detects CA certificate (Code Signing Server Certificate Authority) has expired. The validity period is Oct 17, 2000 01:46:24 UTC - Oct 17, 2015 01:51:47 UTC. Continue at risk? (Y/N) [Default:N w/in 10]:If you do not respond to the prompt, the SAM waits for the specified interval to expire, and then it takes the action specified in the sam prompt-interval command (either the proceed or terminate keyword).
If you enter the command with the proceed keyword, the SAM waits for the specified interval to expire, and then it proceeds as if you had given a "yes" response to the prompt.
If you enter the command with the terminate keyword, the SAM waits for the specified interval to expire, and then it proceeds as if you had given a "no" response to the prompt. This use of the command keeps the system from waiting indefinitely when the system console is unattended.
Note
Task ID
Examples
The following example shows how to tell the SAM to wait 30 seconds for a user response to a prompt and then terminate the requested SAM processing task:
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)# sam prompt-interval 30 terminateRelated Commands
sam verify
To use the Message Digest 5 (MD5) hash algorithm to verify the integrity of the software component on a flash memory card and ensure that it has not been tampered with during transit, use the sam verify command in EXEC mode.
sam verify {location | file-system} {MD5 | SHA [digest]}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
Use the sam verify command to generate a message digest for a given device. The message digest is useful for determining whether software on a flash memory card has been tampered with during transit. The command generates a hash code that can be used to compare the integrity of the software between the time it was shipped and the time you received it.
For example, if you are given a flash memory card with preinstalled software and a previously generated MD5 message digest, you can verify the integrity of the software using the sam verify command:
sam verify device MD5 digestThe device argument specifies the flash device. The digest argument specifies the message digest supplied by the originator of the software.
If the message digest matches the message digest generated by the sam verify command, the software component is valid.
Note
Task ID
Examples
The example shows a third sam verify command, issued with a mismatched message digest, to show the Software Authentication Manager (SAM) response to a mismatch. The following example shows how to use MD5 to generate a message digest on the entire file system on the flash memory card in slot 0 and then use that message digest as input to perform the digest comparison:
RP/0/RP0/CPU0:router# sam verify disk0: MD5Total file count in disk0: = 813082183cb6e65a44fd7ca95fe8e93def6RP/0/RP0/CPU0:router# sam verify disk0: MD5 082183cb6e65a44fd7ca95fe8e93def6Total file count in disk0: = 813Same digest valuesRP/0/RP0/CPU0:router# sam verify disk0: MD5 3216c9282d97ee7a40b78a4e401158bdTotal file count in disk0: = 813Different digest valuesThe following example shows how to use MD5 to generate a message digest and then uses that message digest as input to perform the digest comparison:
RP/0/RP0/CPU0:router# sam verify disk0: /crl_revoked.bin MD538243ffbbe6cdb7a12fa9fa6452956acRP/0/RP0/CPU0:router# sam verify disk0: /crl_revoked.bin MD5 38243ffbbe6cdb7a12fa9fa6452956acSame digest valuesshow sam certificate
To display records in the certificate table, use the show sam certificate command in EXEC mode.
show sam certificate {detail location certificate-index | brief {all | location}}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
Use the show sam certificate command when you want to display all the certificates stored in the system. Attributes are certificate number, certificate flag, serial number, subject name, issued by, version, issuing algorithm, not-before and not-after dates, public key, and signature.
To get the certificate number, use the certificate-index argument. When used with the brief keyword, the all keyword displays selected attributes for all the entries in the table.
When used with the brief keyword, the location argument displays selected attributes for only the certificates stored in a specific location. Use one of the following: root, mem, disk0, disk1, or other flash device on router.
Task ID
Examples
In the example, the root location has one certificate, and disk0 has one certificate. The following sample output is from the show sam certificate command:
RP/0/RP0/CPU0:router# show sam certificate summary all-------------------- SUMMARY OF CERTIFICATES -------------------Certificate Location :rootCertificate Index :1Certificate Flag :VALIDATEDSerial Number :32:E0:A3:C6:CA:00:39:8C:4E:AC:22:59:1B:61:03:9FSubject Name :cn=Code Signing Server Certificate Authority,o=Cisco,c=USIssued By :cn=Code Signing Server Certificate Authority,o=Cisco,c=USValidity Start :[UTC] Tue Oct 17 01:46:24 2000Validity End :[UTC] Sat Oct 17 01:51:47 2015CRL Distribution Pointfile://\\CodeSignServer\CertEnroll\Code%20Signing%20Server%20Certificate%20Authority.crlCertificate Location :memCertificate Index :1Certificate Flag :VALIDATEDSerial Number :01:27:FE:79:00:00:00:00:00:05Subject Name :cn=Engineer code sign certificateIssued By :cn=Code Signing Server Certificate Authority,o=Cisco,c=USValidity Start :[UTC] Tue Oct 9 23:14:28 2001Validity End :[UTC] Wed Apr 9 23:24:28 2003CRL Distribution Pointfile://\\CodeSignServer\CertEnroll\Code%20Signing%20Server%20Certificate %20Authority.crlTable 31 describes the significant fields shown in the display.
The following sample output from the show sam certificate command shows how to display particular SAM details:
RP/0/RP0/CPU0:router# show sam certificate detail mem 1------------------------------------------------------------Certificate Location :memCertificate Index :1Certificate Flag :VALIDATED----------------------- CERTIFICATE ------------------------Serial Number :01:27:FE:79:00:00:00:00:00:05Subject Name :cn=Engineer code sign certificateIssued By :cn=Code Signing Server Certificate Authority,o=Cisco,c=USValidity Start :[UTC] Tue Oct 9 23:14:28 2001Validity End :[UTC] Wed Apr 9 23:24:28 2003CRL Distribution Pointfile://\\CodeSignServer\CertEnroll\Code%20Signing%20Server%20Certificate%20Authority.crlVersion 3 certificateIssuing Algorithm:MD5withRSAPublic Key BER (294 bytes):30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 [0.."0...*.H.....]01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 [........0.......]00 be 75 eb 9b b3 d9 cb 2e d8 c6 db 68 f3 5a ab [..u.........h.Z.]0c 17 d3 84 16 22 d8 18 dc 3b 13 99 23 d8 c6 94 [....."...;..#...]91 15 15 ec 57 ea 68 dc a5 38 68 6a cb 0f 4b c2 [....W.h..8hj..K.]43 4b 2d f9 92 94 93 04 df ff ca 0b 35 1d 85 12 [CK-.........5...]99 e9 bd bc e2 98 99 58 fe 6b 45 38 f0 52 b4 cb [.......X.kE8.R..]a9 47 cd 22 aa ce 70 0e 4c 9b 48 a1 cf 0f 4a db [.G."..p.L.H...J.]35 f5 1f 20 b7 68 cb 71 2c 27 01 84 d6 bf 4e d1 [5.. .h.q,'....N.]ba e1 b2 50 e7 f1 29 3a b4 85 3e ac d7 cb 3f 36 [...P..):..>...?6]96 65 30 13 27 48 84 f5 fe 88 03 4a d7 05 ed 72 [.e0.'H.....J...r]4b aa a5 62 e6 05 ac 3d 20 4b d6 c9 db 92 89 38 [K..b...= K.....8]b5 14 df 46 a3 8f 6b 05 c3 54 4d a2 83 d4 b7 02 [...F..k..TM.....]88 2d 58 e7 a4 86 1c 48 77 68 49 66 a1 35 3e c4 [.-X....HwhIf.5>.]71 20 aa 18 9d 9f 1a 38 52 3c e3 35 b2 19 12 ad [q .....8R<.5....]99 ad ce 68 8b b0 d0 29 ba 25 fd 1e e0 5d aa 12 [...h...).%...]..]9c 44 89 63 89 62 e3 cb f3 5d 5f a3 7c b7 b9 ef [.D.c.b...]_.|...]01 89 5b 33 35 a8 81 60 38 61 4e d8 4f 6a 53 70 [..[35..`8aN.OjSp]35 02 03 01 00 01 [5.....]Certificate signature (256 bytes):67 f6 12 25 3f d4 d2 dd 6a f7 3e 55 b8 9f 33 53 [g..%?...j.>U..3S]20 4d d1 17 54 08 8a 70 22 35 92 59 9c 03 9c 0f [ M..T..p"5.Y....]ce 46 3c 06 74 d0 a9 8e b1 88 a2 35 b3 eb 1b 00 [.F<.t......5....]5c 6d bb 1d b5 ad 17 19 f2 c6 96 87 9b e7 15 01 [\m..............]b2 04 af 7d 92 60 d9 ee ef bc 60 4e 2e af 84 e2 [...}.`....`N....]42 fe 07 71 7e fc ee ee f5 d1 6d 71 e7 46 f0 97 [B..q~.....mq.F..]e0 e8 b3 0e f9 07 e0 de 6e 36 5a 56 1e 80 10 05 [........n6ZV....]59 d9 88 ba f7 a3 d1 f6 cd 00 12 9f 90 f0 65 83 [Y.............e.]e9 0f 76 a4 da eb 1b 1b 2d ea bd be a0 8a fb a7 [..v.....-.......]a5 18 ff 9f 5c e9 99 66 f0 d3 90 ae 49 3f c8 cc [....\..f....I?..]32 6b db 64 da fd f5 42 ea bc f3 b0 8a 2f 17 d8 [2k.d...B...../..]cf c0 d8 d4 3a 41 ae 1d cf 7a c6 a6 a1 65 c2 94 [....:A...z...e..]8a ba ea d3 da 3e 8a 44 9b 47 35 10 ab 61 1b 4f [.....>.D.G5..a.O]82 dd 59 16 d5 f2 1d f3 c2 08 cc 1c 7f ab be 9c [..Y.............]be 52 73 ea e0 89 d7 6f 4d d0 d8 aa 3d 50 d6 b0 [.Rs....oM...=P..]e1 ea 3b 27 50 42 08 d6 71 eb 66 37 b1 f5 f6 5d [..;'PB..q.f7...]]Table 32 describes the significant fields shown in the display.
show sam crl
To display the records in the certificate revocation list (CRL) table, use the show sam crl command in EXEC mode.
show sam crl {summary | detail crl-index}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
Use the show sam crl command when you want to display all the revoked certificates currently stored on the system. Attributes are CRL index number, issuer, and update information.
To get the CRL index number, use the summary keyword.
Task ID
Examples
The following sample output is from the show sam crl command for the summary keyword:
RP/0/RP0/CPU0:router# show sam crl summary----------------------- SUMMARY OF CRLs --------------------------CRL Index :1Issuer:CN = Code Sign Server Certificate Manager, OU = Cisco HFR mc , O =Cisco,L = San Jose, ST = CA, C = US, EA =<16> iosmx-css-cert@cisco.comIncluding updates of:Sep 09, 2002 03:50:41 GMTTable 33 describes the significant fields shown in the display.
The following sample output is from the show sam crl command for the detail keyword:
RP/0/RP0/CPU0:router# show sam crl detail 1-----------------------------------------------------------------CRL Index :1-------------- CERTIFICATE REVOCATION LIST (CRL) -----------------Issuer:CN = Code Sign Server Certificate Manager, OU = Cisco HFR mc , O = Cisco,L = San Jose, ST = CA, C = US, EA =<16> iosmx-css-cert@cisco.comIncluding updates of:Sep 09, 2002 03:50:41 GMTRevoked certificates include:Serial #:61:2C:5C:83:00:00:00:00:00:44, revoked on Nov 03, 2002 00:59:02 GMTSerial #:21:2C:48:83:00:00:00:00:00:59, revoked on Nov 06, 2002 19:32:51 GMT-------------------------------------------------------------------------------Table 34 describes the significant fields shown in the display.
show sam log
To display the contents of the Software Authentication Manager (SAM) log file, use the show sam log command in EXEC mode.
show sam log [lines-number]
Syntax Description
Defaults
The show sam log command without a lines-number argument displays all the lines in the log file.
Command Modes
EXEC
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
The SAM log file records changes to the SAM tables, including any expired or revoked certificates, table digest mismatches, and SAM server restarts.
Task ID
Examples
The following sample output is from the show sam log command:
RP/0/RP0/CPU0:router# show sam log06/16/02 12:03:44 UTC Added certificate in table root/1 CN = Certificate Manage, 0x0106/16/02 12:03:45 UTC SAM server restarted through router reboot06/16/02 12:03:47 UTC Added CRL in table CN = Certificate Manage, updated at Nov 10, 2001 04:11:42 GMT06/16/02 12:03:48 UTC Added certificate in table mem:/1 CN = Certificate Manage, 0x1e06/16/02 12:16:16 UTC SAM server restarted through router reboot06/16/02 12:25:02 UTC SAM server restarted through router reboot06/16/02 12:25:04 UTC Added certificate in table mem:/1 CN = Certificate Manage, 0x1e06/16/02 12:39:30 UTC SAM server restarted through router reboot06/16/02 12:39:30 UTC SAM server restarted through router reboot06/16/02 12:40:57 UTC Added certificate in table mem/1 CN = Certificate Manage, 0x1e33 entries shownEach line of output shows a particular logged event such as a table change, expired or revoked certificates, table digest mismatches, or SAM server restarts.
show sam package
To display information about the certificate used to authenticate the software for a particular package installed on the networking device, use the show sam package command in EXEC mode.
show sam package package-name
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
Use the show install all command to display the installed location and name of the software package—for example, mem:ena-base-0.0.0 or disk1:crypto-exp-lib-0.4.0—and then use the show sam package command to display information about the certificate used to authenticate that installed package. The show sam package command displays the same information as the show sam certificate command for the detail keyword.
Task ID
Examples
The following sample output is from the show sam package command:
RP/0/RP0/CPU0:router# show sam package mem:12k-rp-1.0.0------------------------------------------------------------Certificate Location :memCertificate Index :1Certificate Flag :VALIDATED----------------------- CERTIFICATE ------------------------Serial Number :01:27:FE:79:00:00:00:00:00:05Subject Name :cn=Engineer code sign certificateIssued By :cn=Code Signing Server Certificate Authority,o=Cisco,c=USValidity Start :[UTC] Tue Oct 9 23:14:28 2001Validity End :[UTC] Wed Apr 9 23:24:28 2002CRL Distribution Pointfile://\\CodeSignServer\CertEnroll\Code%20Signing%20Server%20Certificate%20Authority.crlVersion 3 certificateIssuing Algorithm:MD5withRSAPublic Key BER (294 bytes):30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 [0.."0...*.H.....]01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 [........0.......]00 be 75 eb 9b b3 d9 cb 2e d8 c6 db 68 f3 5a ab [..u.........h.Z.]0c 17 d3 84 16 22 d8 18 dc 3b 13 99 23 d8 c6 94 [....."...;..#...]91 15 15 ec 57 ea 68 dc a5 38 68 6a cb 0f 4b c2 [....W.h..8hj..K.]43 4b 2d f9 92 94 93 04 df ff ca 0b 35 1d 85 12 [CK-.........5...]99 e9 bd bc e2 98 99 58 fe 6b 45 38 f0 52 b4 cb [.......X.kE8.R..]a9 47 cd 22 aa ce 70 0e 4c 9b 48 a1 cf 0f 4a db [.G."..p.L.H...J.]35 f5 1f 20 b7 68 cb 71 2c 27 01 84 d6 bf 4e d1 [5.. .h.q,'....N.]ba e1 b2 50 e7 f1 29 3a b4 85 3e ac d7 cb 3f 36 [...P..):..>...?6]96 65 30 13 27 48 84 f5 fe 88 03 4a d7 05 ed 72 [.e0.'H.....J...r]4b aa a5 62 e6 05 ac 3d 20 4b d6 c9 db 92 89 38 [K..b...= K.....8]b5 14 df 46 a3 8f 6b 05 c3 54 4d a2 83 d4 b7 02 [...F..k..TM.....]88 2d 58 e7 a4 86 1c 48 77 68 49 66 a1 35 3e c4 [.-X....HwhIf.5>.]71 20 aa 18 9d 9f 1a 38 52 3c e3 35 b2 19 12 ad [q .....8R<.5....]99 ad ce 68 8b b0 d0 29 ba 25 fd 1e e0 5d aa 12 [...h...).%...]..]9c 44 89 63 89 62 e3 cb f3 5d 5f a3 7c b7 b9 ef [.D.c.b...]_.|...]01 89 5b 33 35 a8 81 60 38 61 4e d8 4f 6a 53 70 [..[35..`8aN.OjSp]35 02 03 01 00 01 [5.....]Certificate signature (256 bytes):67 f6 12 25 3f d4 d2 dd 6a f7 3e 55 b8 9f 33 53 [g..%?...j.>U..3S]20 4d d1 17 54 08 8a 70 22 35 92 59 9c 03 9c 0f [ M..T..p"5.Y....]ce 46 3c 06 74 d0 a9 8e b1 88 a2 35 b3 eb 1b 00 [.F<.t......5....]5c 6d bb 1d b5 ad 17 19 f2 c6 96 87 9b e7 15 01 [\m..............]b2 04 af 7d 92 60 d9 ee ef bc 60 4e 2e af 84 e2 [...}.`....`N....]42 fe 07 71 7e fc ee ee f5 d1 6d 71 e7 46 f0 97 [B..q~.....mq.F..]e0 e8 b3 0e f9 07 e0 de 6e 36 5a 56 1e 80 10 05 [........n6ZV....]59 d9 88 ba f7 a3 d1 f6 cd 00 12 9f 90 f0 65 83 [Y.............e.]e9 0f 76 a4 da eb 1b 1b 2d ea bd be a0 8a fb a7 [..v.....-.......]a5 18 ff 9f 5c e9 99 66 f0 d3 90 ae 49 3f c8 cc [....\..f....I?..]32 6b db 64 da fd f5 42 ea bc f3 b0 8a 2f 17 d8 [2k.d...B...../..]cf c0 d8 d4 3a 41 ae 1d cf 7a c6 a6 a1 65 c2 94 [....:A...z...e..]8a ba ea d3 da 3e 8a 44 9b 47 35 10 ab 61 1b 4f [.....>.D.G5..a.O]82 dd 59 16 d5 f2 1d f3 c2 08 cc 1c 7f ab be 9c [..Y.............]be 52 73 ea e0 89 d7 6f 4d d0 d8 aa 3d 50 d6 b0 [.Rs....oM...=P..]Table 35 describes the significant fields shown in the display.
Related Commands
show sam sysinfo
To display current configuration settings for the Software Authentication Manager (SAM), use the show sam sysinfo command in EXEC mode.
show sam sysinfo
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
Use the show sam sysinfo command to determine the configuration settings of the SAM.
The display shows the status of the SAM, current prompt interval setting, and current prompt default response.
Task ID
Examples
The following sample output is from the show sam sysinfo command:
RP/0/RP0/CPU0:router# show sam sysinfoSoftware Authentication Manager System Information==============================================Status : runningPrompt Interval : 10 secPrompt Default Response : NOTable 36 describes the significant fields shown in the display.
Related Commands
