[rancid] Re: Rancid and cisco 'autocommand' users?

Austin Schutz tex at off.org
Wed Apr 25 18:33:24 UTC 2007


On Wed, Apr 25, 2007 at 11:00:54AM -0700, Austin Schutz wrote:
> On Wed, Apr 25, 2007 at 02:19:04PM +0100, Phil Stoneman wrote:
> > Hi folks,
> > 
> > We're currently involved in a deployment of rancid for some cisco 
> > equipment that we manage. We're fairly uncomfortable with storing 
> > full-privilege passwords in plaintext anywhere.
> > 
> > One solution to this might be for us to configure a user with an 
> > autocommand:
> > 
> > username auditor password 0 mypassword
> > username auditor privilege 15 autocommand show running-config
> > 
> > When the user 'auditor' logs in, the configuration is dumped (with any 
> > --More-- bits in between), and the connection is then closed.
> 
> 	I fail to see how automatically logging in the users from an ACL of
> hosts is more secure than doing that plus requiring a password.
> 

	Nm, I completely misunderestimated that initial comment, sorry.

	Austin


