[rancid] Re: Rancid and cisco 'autocommand' users?
Austin Schutz
tex at off.org
Wed Apr 25 18:33:24 UTC 2007
On Wed, Apr 25, 2007 at 11:00:54AM -0700, Austin Schutz wrote:
> On Wed, Apr 25, 2007 at 02:19:04PM +0100, Phil Stoneman wrote:
> > Hi folks,
> >
> > We're currently involved in a deployment of rancid for some cisco
> > equipment that we manage. We're fairly uncomfortable with storing
> > full-privilege passwords in plaintext anywhere.
> >
> > One solution to this might be for us to configure a user with an
> > autocommand:
> >
> > username auditor password 0 mypassword
> > username auditor privilege 15 autocommand show running-config
> >
> > When the user 'auditor' logs in, the configuration is dumped (with any
> > --More-- bits in between), and the connection is then closed.
>
> I fail to see how automatically logging in the users from an ACL of
> hosts is more secure than doing that plus requiring a password.
>
Nm, I completely misunderestimated that initial comment, sorry.
Austin
More information about the Rancid-discuss
mailing list