Cisco TACACS - PASSCODE
Ed Ravin
eravin at panix.com
Sat Feb 25 06:19:12 UTC 2006
On Fri, Feb 24, 2006 at 05:47:37PM -0800, Chris Moody wrote:
> I have added an auth method for TACACS enable on Cisco routers/switches.
> This handles "PASSCODE:" prompts.
>
> This may have been implemented/addressed elsewhere, but the latest
> version of rancid I pulled down and installed did not have this capability.
...
> send "enable\r"
> expect {
> -re "$u_prompt" { send "$enauser\r"; exp_continue}
> -re "$e_prompt" { send "$enapasswd\r"; exp_continue}
> + -re "$t_prompt" { send "$enapasswd\r"; exp_continue}
...
> + #####
> + # 02.23.06 - adding PASSCODE method
> + set t_prompt [find enableprompt $router]
> + if { "$t_prompt" == "" } {
> + set t_prompt "\PASSCODE:"
> + } else {
> + set t_prompt [join [lindex $t_prompt 0] ""]
> + }
> + #####
Since $e_prompt is a regular expression, why not forget about
the patch and instead do something like this in cloginrc:
add enableprompt {\[Pp]assword:|PASSCODE:}
Also, ISTR that you can control the TACACS enable prompt from the
TACACS server - so depending on which server you're running, it might
be possible to change the enable prompt back to the usual.
More information about the Rancid-discuss
mailing list