[rancid] Cisco PIX (version 7) tacacs server key

Gee-clough, Aaron (NIH/CIT) [C] geecla at mail.nih.gov
Wed Feb 21 19:29:35 UTC 2007

	I'm running rancid against a number of Cisco PIXs quite happily,
but have noticed a problem with PIX 7 and rancid: PIX 7 stores the
TACACS server key differently than IOS.  It's stored in the PIX 7 config
like this:

aaa-server tacacs host x.x.x.x
 key xxxxxxxxx

So, the existing regexes to remove the tacacs key in rancid aren't
catching this, since the "key" bit is on a new line.  I'm thinking about
adding a regex to rancid that's just:

/^\s+key (\S+)$/

to catch the line with a starting space, then the word "key", but I'm
concerned that this would have a pretty high false positive rate and
might cut out other useful stuff.  Does anyone have any better ideas as
to how to properly purge the TACACS key from a PIX config?


Aaron Gee-Clough
Contractor.  Geek. 
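
One way to limit the false positives the post worries about is to redact an indented `key` line only while the parser is inside an `aaa-server` stanza. The Perl below is an added example, not part of the original post and not rancid's own code. The function name `redact_aaa_keys`, the `<removed>` placeholder, the sample configuration and the `example-stanza` command are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Redact " key <secret>" sub-commands, but only when they belong to an
# aaa-server stanza. A stanza is a command at column 0 followed by its
# indented sub-commands. Returns the filtered lines; the input list is
# left unmodified.
sub redact_aaa_keys {
    my @out;
    my $in_aaa = 0;
    for my $line (@_) {
        my $l = $line;
        if ($l =~ /^\S/) {
            # Any command at column 0 opens a new stanza and closes the
            # previous one; remember whether it is an aaa-server stanza.
            $in_aaa = ($l =~ /^aaa-server\s/) ? 1 : 0;
        }
        elsif ($in_aaa && $l =~ /^\s+key\s+\S/) {
            # Keep the indentation and keyword, drop the secret.
            $l =~ s/^(\s+key)\s+.*$/$1 <removed>/;
        }
        push @out, $l;
    }
    return @out;
}

# Constructed sample input: one aaa-server stanza in the form shown in the
# post, plus a hypothetical stanza whose indented "key" line must survive.
my @config = map { "$_\n" } split /\n/, <<'END';
aaa-server tacacs host 192.0.2.10
 key S3cretTacacsKey
 timeout 5
example-stanza demo
 key keep-this-line
END

print redact_aaa_keys(@config);
```

Only the `key` line under `aaa-server` is rewritten; the indented `key` line under the other stanza passes through unchanged, which the bare `/^\s+key (\S+)$/` pattern would not guarantee.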
