[rancid] Alternatives to cleartext password in .cloginrc ?

Matt Almgren matta at surveymonkey.com
Wed May 6 15:40:38 UTC 2015


I’m just curious, if you’re not using TAC+ or RADIUS, how do you manage
authorization (user levels, permissions per device, etc)?

Thanks, Matt









On 5/6/15, 8:31 AM, "Lukasz Sokol" <el.es.cr at gmail.com> wrote:

>On 06/05/15 16:19, Matt Almgren wrote:
>> Ssh keys are still on the table and that is one of the alternatives.
>
>They are relatively easy to roll out on rancid by itself - I did it after
>some
>googling, and it wasn't too bad... (key based ident is mentioned in one
>of the articles
>that pop up when googling for rancid and ssh... adapted a bit to my
>debian needs and that's
>it, all it really needed.)
>
>> However, I¹d like to use TAC+ as well for authorization and accounting.
>
>However I've no notion or knowledge of TAC+ sorry...
>
>> 
>> However, I¹m not finding too much information for incorporating TAC+
>>with
>> SSH keys.   If we went that route, that would probably solve most of our
>> issues - albeit more of a headache to roll out.
>> 
>> Thanks, Matt
>> 
>
>el es



More information about the Rancid-discuss mailing list