Bugtraq mailing list archives
Re: Cisco IOS password encryption facts
From: mide () NATVERKET COM (Michael Degerman)
Date: Thu, 13 Nov 1997 19:58:15 +0100
Not necessarily. If you use TACACS+ for AAA and enable AAA accounting, you will (at least in my humble experience) be unable to get in - the cisco must send an accounting record to the TACACS+ server, but it can't reach the TACACS+ server, so it refuses to let you in. (If anyone knows how to get around this without turning off aaa accounting, *please* let me know! =)
If you don't put a "login" line on the vty's in the Cisco box then you will have problems, like the senario you just describe. But if you put a "login" line on the vty's the Cisco will start with the tacacs+ login prompt and then after trying to get a respons from the tacacs+ it will time-out and give you a default login.. It's also depending on how you implement the tacacs+ login which password you have as backup.. Some times you got too have a password defined on the vty's as well because it's the default setting if noting else is specified.
(Also note that I may have any and/or all of the above wrong - it's so long that I can't quite remember all the exact details...)
Hey! It might be easy to learn but it's a lot easier to forget! //Michael Degerman ------------------------------------------------------------------------ A lonely guy with a lot on the mind!
Current thread:
- Re: Intel Pentium Bug, (continued)
- Re: Intel Pentium Bug Kragen \ (Nov 10)
- Possible solution: [Fwd: I figured out how to make my Pentium Miguel Angel Rodriguez Jodar (Nov 10)
- Re: Intel Pentium Bug Tim Newsham (Nov 10)
- CERT Advisory CA-97.25 - CGI_metachar Aleph One (Nov 10)
- Re: CERT Advisory CA-97.25 - CGI_metachar Greg Bacon (Nov 11)
- L0pht Advisory: IE4.0 DilDog (Nov 10)
- L0pht Advisory: IE4.0 Petri Helenius (Nov 10)
- Cisco IOS password encryption facts John Bashinski (Nov 10)
- Re: Cisco IOS password encryption facts ice9 (Nov 11)
- Re: Cisco IOS password encryption facts J. Sean Connell (Nov 11)
- Re: Cisco IOS password encryption facts Michael Degerman (Nov 13)
- mode of the i586 F0 bug VaX#n8 (Nov 12)
- Re: mode of the i586 F0 bug Alan Cox (Nov 12)
- Linux F00F Patch Aleph One (Nov 12)
- Re: Safe /tmp cleanup Randal Schwartz (Nov 12)
- Re: Safe /tmp cleanup dsiebert () ICAEN UIOWA EDU (Nov 13)
- another buffer overrun in sperl5.003 Pavel Kankovsky (Nov 13)
- Re: Safe /tmp cleanup Valdis Kletnieks (Nov 13)
- IE4.0 patch Richard Trott (Nov 13)
- X Security problem (?) Carlo Wood (Nov 13)
- Re: X Security problem (?) Matthias Buelow (Nov 14)