[rancid] Re: Need to know if mutiple usernames can be set in the.clogin file

john heasley heas at shrubbery.net
Mon Jun 25 17:28:50 UTC 2007


Mon, Jun 25, 2007 at 01:16:17PM +0530, Jayaraj, Chandrasekaran:
> 
> 
> Hi ,
> 
> Thanks for the swift response . We do have cisco tacacs installed using
> ACS.
> 
> Even when we have that there may be multiple users who will be a part of
> the authentication group who will actually have level 15 access . 
> 
> So say for eg we have a group called noc-users and there are 3 users
> namely user1 ,user2 ,user3 who will have privilege 15 access . 
> 
> But currently my cloginrc file has the entry in below format
> 
> add user *      user1 and 
> 
> add password * testpwd enabletestpwd
> 
> 
> 
> So how can I check if I login as a user2 and do some change ? 

each user has their own HOME and  $HOME/.cloginrc.

> Currently all I get from rancid is that a diff output mail with the
> difference and no mention of the username doing the change .

The others are correct, there is no attribution and no way to be certain of
it without tacacs (or radius?) login and command accounting.  You can further
associate specific changes with rancid by using SEC; see the rancid FAQ,
section 3 question 5.  With the time from the accounting logs, you can
approximately determine the user; approximate because multiple change could
occur in the time taken for the collection.


More information about the Rancid-discuss mailing list