[rancid] Alternatives to cleartext password in .cloginrc ?
Matt Almgren
matta at surveymonkey.com
Wed May 6 15:19:52 UTC 2015
Ssh keys are still on the table and that is one of the alternatives.
However, I¹d like to use TAC+ as well for authorization and accounting.
However, I¹m not finding too much information for incorporating TAC+ with
SSH keys. If we went that route, that would probably solve most of our
issues - albeit more of a headache to roll out.
Thanks, Matt
On 5/6/15, 8:05 AM, "Lukasz Sokol" <el.es.cr at gmail.com> wrote:
>On 05/05/15 19:38, Matt Almgren wrote:
>>
>>
>>
>> What are the available options, if any, to using non-cleartext
>> passwords for Rancid in the .cloginrc file? We also use TAC+ as the
>> backend AAA.
>
>I've no TAC+, but
>
>>
>> This wasn¹t a huge concern for me until I realized that it goes
>> against some of the PCI compliance regulations about storing
>> passwords in the clear.
>
>Did you consider rancid over ssh private/public key pairs
>(do your devices support ssh, in the first place)?
>
>>
>> Thanks, Matt
>>
>
>HTH
>Lukasz
>
>
>_______________________________________________
>Rancid-discuss mailing list
>Rancid-discuss at shrubbery.net
>http://www.shrubbery.net/mailman/listinfo/rancid-discuss
More information about the Rancid-discuss
mailing list