[tac_plus] Questions about a simple setup.
Hayden Katzenellenbogen
hayden at nextlevelinternet.com
Thu Jan 26 21:27:30 UTC 2012
I have a couple hundred devices that are managed by a support team. They
have full access to these devices so I will not need authorization. (In
the future I might).
If all that I need to do is manage passwords in a central location using
tac_plus. Is the config as simple as having a user for each team member
and an enable password. And a tac-key.
The remote devices then only need authorization commands and the rest
can be blank.
Next as far as simple security.
* I will have the two tac_plus servers behind a firewall only allowing
port 49.
* I am running as a non-root user.
* The configs are not viewable by anyone by root/tacacs user.
* Passwords are des encrypted with a salt.
For now I want to keep this as simple as possible.
Thanks to everyone who responds.
Hayden
Hayden Katzenellenbogen
haydenk at nextlevelinternet.com
NextLevel Internet
858-836-0700
www.nextlevelinternet.com
By the way, we are never too busy for referrals!
If you know someone who might be interested in our services (Hosted PBX,
Voice, Internet, Metro Ethernet, Co-Location) or who is unhappy with
their current communications provider, we will take exceptional care of
them!
More information about the tac_plus
mailing list