Cisco TACACS - PASSCODE

Ed Ravin eravin at panix.com
Sat Feb 25 06:19:12 UTC 2006


On Fri, Feb 24, 2006 at 05:47:37PM -0800, Chris Moody wrote:
> I have added an auth method for TACACS enable on Cisco routers/switches. 
>  This handles "PASSCODE:" prompts.
> 
> This may have been implemented/addressed elsewhere, but the latest 
> version of rancid I pulled down and installed did not have this capability.

...
>       send "enable\r"
>       expect {
>   	-re "$u_prompt"	{ send "$enauser\r"; exp_continue}
>   	-re "$e_prompt"	{ send "$enapasswd\r"; exp_continue}
> + 	-re "$t_prompt"	{ send "$enapasswd\r"; exp_continue}
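Review bot: the added `-re "$t_prompt"` arm sends the same `$enapasswd` as the `$e_prompt` arm directly above it, so it is a second pattern for identical behaviour. If PASSCODE: is only another spelling of the enable prompt, widening the `$e_prompt` regex covers it without a new branch. The arm also ends in `exp_continue` with no retry bound visible in these lines, so a device that rejects the stored value and prompts with PASSCODE: again would be sent `$enapasswd` again each time. Please confirm the rest of the expect block has a timeout or failure arm that stops this, since each resend is another failed authentication against the TACACS server.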
...
> +     #####
> +     # 02.23.06 - adding PASSCODE method
> +     set t_prompt [find enableprompt $router]
> +     if { "$t_prompt" == "" } {
> + 	set t_prompt "\PASSCODE:"
> +     } else {
> + 	set t_prompt [join [lindex $t_prompt 0] ""]
> +     }
> +     #####
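Review bot: `set t_prompt [find enableprompt $router]` looks up the `enableprompt` setting rather than a key of its own. If `$e_prompt` is also populated from `enableprompt`, as the cloginrc suggestion in this thread implies, then any site that has configured `enableprompt` ends up with `t_prompt` equal to `e_prompt`, and the PASSCODE: default is only used where nothing is configured. A distinct directive name would keep the two prompts independent. In the default, `"\PASSCODE:"` carries a stray backslash: inside a double-quoted Tcl string `\P` is simply `P`, so it is harmless but misleading and should be dropped. The dated comment (`# 02.23.06 - adding PASSCODE method`) belongs in the change log rather than in the script.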

Since $e_prompt is a regular expression, why not forget about
the patch and instead do something like this in cloginrc:

   add enableprompt {\[Pp]assword:|PASSCODE:}

Also, ISTR that you can control the TACACS enable prompt from the
TACACS server - so depending on which server you're running, it might
be possible to change the enable prompt back to the usual.


