[rancid] Re: Need to know if multiple usernames can be set in the .clogin file

Jayaraj, Chandrasekaran Chandrasekaran.Jayaraj at in.standardchartered.com
Tue Jun 26 05:01:20 UTC 2007


Hi All,

Thanks for all your inputs. It was an eye opener for me. I will have to
make this work with my current cisco tacacs configuration that I have.

But still I see a good amount of information using the GUI on what has
changed.

By the way, can anyone say what these lines are (sample of my diff
output)?

Index: configs/10.132.17.66
===================================================================
retrieving revision 1.7
diff -U4 -r1.7 10.132.17.66        
@@ -498,9 +498,9 @@     - I don't understand what this line means
   no ip address                 - Also it always shows these 3 lines.
   no ip route-cache
   shutdown
  !
- ip http server
+ no ip http server
  !
  ip access-list extended Core_marking_AF12_Admin
   permit tcp any any eq smtp
   permit tcp any eq smtp any
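
Review bot: the only edit in this hunk is the `- ip http server` / `+ no ip http server` pair, and the diff carries no record of who made it or why, so log the reason alongside it (a change ticket or the command-accounting entry for that time). The other eight lines are unchanged context printed because of `-U4`, which is why `no ip address`, `no ip route-cache` and `shutdown` appear even though they were not touched. `no ip http server` only turns off the plain-HTTP listener; `ip http secure-server` is a separate line that this hunk does not show, so check it separately.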

While actually what I changed on the switch was the lines after the +
sign.

Anyone have a document on how to understand this output? (I am aware
of the cvs-web and it's cool, but I would like to explain this
thing to my managers, who will see this email stuff only.)

warm regards,
-----------------------------------------------------------------------------
Chandrasekaran J
-----------------------------------------------------------------------------
-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net] 
Sent: Monday, June 25, 2007 10:59 PM
To: Jayaraj, Chandrasekaran
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Re: Need to know if multiple usernames can be set in the .clogin file

Mon, Jun 25, 2007 at 01:16:17PM +0530, Jayaraj, Chandrasekaran:
> 
> 
> Hi,
> 
> Thanks for the swift response. We do have cisco tacacs installed using
> ACS.
> 
> Even when we have that there may be multiple users who will be a part of
> the authentication group who will actually have level 15 access.
> 
> So say for e.g. we have a group called noc-users and there are 3 users,
> namely user1, user2, user3, who will have privilege 15 access.
> 
> But currently my cloginrc file has the entry in below format
> 
> add user *      user1 and 
> 
> add password * testpwd enabletestpwd
> 
> 
> 
> So how can I check if I login as a user2 and do some change?

Each user has their own HOME and $HOME/.cloginrc.

> Currently all I get from rancid is that a diff output mail with the
> difference and no mention of the username doing the change.

The others are correct, there is no attribution and no way to be certain of
it without tacacs (or radius?) login and command accounting.  You can further
associate specific changes with rancid by using SEC; see the rancid FAQ,
section 3 question 5.  With the time from the accounting logs, you can
approximately determine the user; approximate because multiple changes could
occur in the time taken for the collection.
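
The correlation described in the reply above, as an added example that is not part of the original thread or of RANCID: it lists who ran configuration commands on a device between two collection runs and which of those commands match the diff's `+` lines. The record format, timestamps, run times, the extra commands and the `10.132.17.99` device are constructed for illustration; real TACACS+ or RADIUS accounting logs need their own parser.

```python
from datetime import datetime

# Constructed sample accounting records: time, device, user, command.
ACCOUNTING = """\
2007-06-25T09:12:03 10.132.17.66 user1 show running-config
2007-06-25T10:41:10 10.132.17.66 user2 configure terminal
2007-06-25T10:41:32 10.132.17.66 user2 no ip http server
2007-06-25T10:55:47 10.132.17.66 user3 configure terminal
2007-06-25T10:55:59 10.132.17.66 user3 interface Vlan20
2007-06-25T11:20:00 10.132.17.99 user1 no ip http server
"""

# The changed lines of the hunk posted in this thread.
DIFF = """\
@@ -498,9 +498,9 @@
  !
- ip http server
+ no ip http server
  !
"""

def parse_accounting(text):
    """Yield (time, device, user, command) from the simplified records."""
    for line in text.splitlines():
        if line.strip():
            stamp, device, user, command = line.split(None, 3)
            yield datetime.fromisoformat(stamp), device, user, command

def added_lines(diff_text):
    """Config lines a unified diff adds ('+' lines, not the '+++' header)."""
    return {l[1:].strip() for l in diff_text.splitlines()
            if l.startswith("+") and not l.startswith("+++")}

def attribute(diff_text, device, prev_run, this_run, accounting=ACCOUNTING):
    """Map each user who ran non-show commands on `device` between two
    collection runs to the commands of theirs that match the diff."""
    wanted = added_lines(diff_text)
    hits = {}
    for when, dev, user, cmd in parse_accounting(accounting):
        if dev != device or not (prev_run < when <= this_run):
            continue
        if cmd.startswith("show "):
            continue  # read-only, cannot explain a config change
        hits.setdefault(user, [])  # active in the window: a candidate
        if cmd in wanted:
            hits[user].append(cmd)
    return hits

if __name__ == "__main__":
    # Assumed hourly collection runs at 10:00 and 11:00.
    print(attribute(DIFF, "10.132.17.66",
                    datetime(2007, 6, 25, 10), datetime(2007, 6, 25, 11)))
```

Two users appear for the same window, which is the ambiguity the reply warns about; only the command match separates them, and a diff line entered by both would not.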