Bugtraq mailing list archives

Re: Cisco IOS password encryption facts


From: mide () NATVERKET COM (Michael Degerman)
Date: Thu, 13 Nov 1997 19:58:15 +0100


Not necessarily.  If you use TACACS+ for AAA and enable AAA accounting,
you will (at least in my humble experience) be unable to get in - the Cisco
must send an accounting record to the TACACS+ server, but it can't reach
the TACACS+ server, so it refuses to let you in.  (If anyone knows how to
get around this without turning off aaa accounting, *please* let me know! =)

If you don't put a "login" line on the vty's in the Cisco box then you
will have problems, like the scenario you just described. But if you put
a "login" line on the vty's the Cisco will start with the tacacs+ login
prompt and then after trying to get a response from the tacacs+ it will
time out and give you a default login.
It also depends on how you implement the tacacs+ login which
password you have as backup. Sometimes you have to have a password
defined on the vty's as well because it's the default setting if nothing
else is specified.




(Also note that I may have any and/or all of the above wrong - it's so long
that I can't quite remember all the exact details...)

Hey! It might be easy to learn but it's a lot easier to forget!

//Michael Degerman
------------------------------------------------------------------------
A lonely guy with a lot on the mind!


