[tac_plus] cmd=connect
heasley
heas at shrubbery.net
Tue Apr 14 16:39:09 UTC 2015
Tue, Apr 14, 2015 at 12:28:42PM -0400, Munroe Sollog:
> I'm using tac_plus as an audit history for all users, and I'm noticing that the accounting log is
> logging:
>
> cmd=connect <enable password> <cr>
>
> I believe it is whenever someone types in 'enable' <cr> '<enable password>'
>
> Does this make sense, and if so any advice on how to get tac_plus to not save the password in the
> audit log?
it could be; the contents come from the device, not from the tacacs daemon.
there is a connect command on some ciscos that connects to linecards and
remote systems and other devices may have such a commands.
More information about the tac_plus
mailing list