Rancid+Cisco privs?

Andrew Fort afort at choqolat.org
Sun Nov 27 23:10:18 UTC 2005

Shaun wrote:
> Thanks all your responces, sounds like, i guess, that i should just run a 
> priv 15 user...  might as well save user/passwords then too if somebody 
> gains access to the rancid user they'll have the login/pass from cloginrc 
> anyway and thats not even encrypted ;)

the recommended way is to use TAC+, and TAC+ command authori[sz]ation, 
so the rancid user can't go to configuration mode.  you may find the 
tac_plus.conf stanza you need in the mailing list archives somewhere. 
if not, the command list is in bin/rancid towards the end.  keep in mind 
you'll need "exit" in that list, also.


More information about the Rancid-discuss mailing list