Bugtraq mailing list archives

Re: Cisco IOS password encryption facts


From: ankh () canuck gen nz (J. Sean Connell)
Date: Wed, 12 Nov 1997 14:13:49 +1300


On Tue, 11 Nov 1997, ice9 wrote:

> This is why, if you are worried about security, perhaps TACACS+ would be
> a good option.  Even if the router can't reach the TACACS server, with
> proper configuration, you will still need the enable passwd just to enter
> maintenance mode...

Not necessarily.  If you use TACACS+ for AAA and enable AAA accounting,
you will (at least in my humble experience) be unable to get in - the Cisco
must send an accounting record to the TACACS+ server, but it can't reach
the TACACS+ server, so it refuses to let you in.  (If anyone knows how to
get around this without turning off aaa accounting, *please* let me know! =)

(Also note that I may have any and/or all of the above wrong - it's so long
that I can't quite remember all the exact details...)

--
J. S. Connell      | Systems Administrator, ICONZ.  Any opinions stated above
ankh () canuck gen nz | are not my employers', not my boyfriends', my God's, my
ankh () iconz co nz   | friends', and probably not even my own.
-------------------+---------------------------------------------------------
            PGP key at http://www.canuck.gen.nz/~ankh/pgpkey.html


