[c-nsp] TACACS+ best practices
Affan Basalamah
affanzbasalamah at gmail.com
Mon Apr 24 13:06:16 EDT 2006
Hi all,
Our network wants to deploy tacplus-based user auth for all our cisco
router. I have read all the documentations and configuration
examples, and I feel ready for deployment, but still I want to know
something about tacplus in some subjects :
1. I used free tacplus version from cisco, installed by freebsd ports.
2. I configured user properties on tacplus.conf, and use des
encryption for user password. Do I have better alternatives with
passwd encryption, say MD5 hash ?
3. I want to configure redundand tacplus server, synchronized with
simple script.
By that configuration, do our configuration still vulnerable for
hacker/kiddies that want to get access to my router ? FYI I have
configure the router with ACL for snmp and telnet/ssh, and follow
cisco security recommendation (cymru and ciscopress books).
-affan
More information about the cisco-nsp
mailing list