[rancid] Re: Possible to use different password in .cloginrc
Atle Østbø
Atle.Ostbo at tdcsong.no
Mon Nov 27 10:18:21 UTC 2006
Hi John
Thanks for your answer.
I agree that a better alternative is some form of "continue" token, or some kind of ifelse structure, but how should it be implemented?
I have looked at the clogin file and have found the place for the login check. If login failed - go to next device.
    # Login to the router
    if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} {
        # if login failed or rsh was successful, move on to the next device
        continue    <----- I think it is here that the "continue" token should be called.
    }
    if { $enable } {
------------------------------------------------
Med vennlig hilsen/Best regards
Atle Østbø
Network Services
> -----Original Message-----
> From: john heasley [mailto:heas at shrubbery.net]
> Sent: 25. november 2006 03:49
> To: Atle Østbø
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Possible to use different password in .cloginrc
>
> Fri, Nov 24, 2006 at 01:56:50PM +0100, Atle Østbø:
> > Hi
> >
> > I have installed the rancid-2.3.2a5.tar.gz on a Linux RedHat server.
> >
> > Most of our cpe and core routers/switches have configured tacacs,
> > but there are several of them that use login/enable password to get
> > access to the configuration.
> >
> > Is it possible to set up some rule to use the tacacs login first,
> > if that failed - then go to next match in the .cloginrc file.
> >
> > Example:
> >
> > # Most of the routers have tacacs login - try with that first
> > add user *.no.sn.net auto
> > add password *.no.sn.net {rancid!}
> > add autoenable *.no.sn.net 1
> >
> > #If login failed - try login/enable password
> > add password *.no.sn.net {differentyou} {v8motor}
> > add autoenable *.no.sn.net 0
> >
> >
> > I have used some time to search the web for some solution for this,
> > but I have not got any match.
> > If you have some tips how I should do this - please send me an answer.
> >
> > I will also say this is a very good tool - and it helps us to keep
> > track of our changes on the routers.
>
> This is not possible, ATM. The cloginrc matching ends upon
> the first match. Either find some unique pattern in the name
> of your non-tacacs devices or create one with supplemental
> names in /etc/hosts such as prepending an _.
>
> I'll admit that this sounds useful, and cumbersome if continuation is
> not something you want. Perhaps a better alternative is some form of
> "continue" token, or some kind ifelse structure, but I can't envision
> how either might work at the moment.
>
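
An added example, not part of the original messages or of rancid's code: a small Python model of the first-match lookup described in the reply, showing why a second `add password` line for the same glob is never reached and how listing a more specific pattern first (the `_` alias workaround) changes the result. The placeholder passwords, the hostnames `cpe1` and `core1`, and the use of Python's `fnmatch` in place of clogin's own glob matching are assumptions.

```python
import fnmatch
import re

# Constructed sample .cloginrc: the wildcard TACACS entry comes first, so the
# later login/enable entry for the same glob is never reached.
SHADOWED = """
add user       *.no.sn.net  auto
add password   *.no.sn.net  {tacacs-pw}
add autoenable *.no.sn.net  1
add password   *.no.sn.net  {vty-pw} {enable-pw}
add autoenable *.no.sn.net  0
"""

# Workaround from the reply: give non-TACACS devices a distinguishable name
# (here an /etc/hosts alias with a leading "_") and list that pattern first.
REORDERED = """
add password   _*.no.sn.net {vty-pw} {enable-pw}
add autoenable _*.no.sn.net 0
add user       *.no.sn.net  auto
add password   *.no.sn.net  {tacacs-pw}
add autoenable *.no.sn.net  1
"""

def parse(text):
    """Return {directive: [(glob, [values...]), ...]} in file order."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # A token is either a {braced value} or a run of non-space characters.
        tok = [a or b for a, b in re.findall(r"\{([^}]*)\}|(\S+)", line)]
        if len(tok) >= 3 and tok[0] == "add":
            table.setdefault(tok[1], []).append((tok[2], tok[3:]))
    return table

def find(table, directive, host):
    """First-match lookup (assumed model): stop at the first matching glob."""
    for glob, values in table.get(directive, []):
        if fnmatch.fnmatchcase(host, glob):
            return values
    return None
```

Because the wildcard `*.no.sn.net` also matches the `_`-prefixed alias, the specific entry only takes effect when it appears before the wildcard in the file.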