[rancid] Re: unencrypted passwords in .cloginrc ...

Wed Nov 1 06:02:10 UTC 2006

One loophole is that some places that don't allow unencrypted passwords do allow trusted ssh keys.  This doesn't always work, but can on some non-cisco gear this is an option.  On a side note, it's important to point out that sometimes it's not the company itself that requires the lack of unencrypted passwords but the auditors from 1. your customers or 2. regulatory commissions.  If you encrypt the file system as a whole would this meet the criteria your coworkers have stipulated?
                - Mark

William Yardley <rancid at veggiechinese.net> wrote: On Thu, Oct 26, 2006 at 11:42:12PM +0200, Arnold Nipper wrote:
> On 26.10.2006 23:28 John Dworske wrote

> > Is there any way getting around using unencrypted passwords in the
> > .cloginrc file ?  My co-workers will not let me use rancid unless we
> > can come up with something more secure ?
> 
> "chmod 600 .cloginrc" is not secure enough?

I'm not exactly disagreeing with the sentiments expressed on the list,
but just to play devil's advocate.... for one thing, some businesses
have to deal with security checklists for various types of compliance,
and often there are cookie cutter requirements like "no passwords for X
type of device stored in cleartext". Now I think most people here would
probably agree that filling out a checklist isn't going to make a
network more or less secure, but the fact of the matter is that some
corporations care more concerned about saying that they checked that box
than about having actual security.

w

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

---------------------------------
We have the perfect Group for you. Check out the handy changes to Yahoo! Groups.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061031/a28b41d9/attachment.html 