[c-nsp] TACACS "emergency" password management
Phil Mayers
p.mayers at imperial.ac.uk
Mon Nov 1 13:38:37 EDT 2010
On 01/11/10 16:35, Jeremy Bresley wrote:
>
> In a properly designed network, the only times I've had to use the
> locally configured username/password is when the links into the site are
Sure. But maybe the OP just prefers EEM, right?
Having said that, I'm (genuinely) curious - where do you store the local
admin password, and how often is it exercised? How do you ensure that
everyone knows it, and there won't be a major delay while you have to
dig it out of your password safe?
One reason there's a degree of comfort with only using the local
passwords at our place is that it means everyone knows (has to know) the
"real" router password. There's no possibility of a:
"darn, haven't used this in 6 months, can't remember it, oops the online
password database is down, trudge down to physical storage, open it,
oops someone forgot to update the bit of paper..."
...moment ;o)
(Of course the major reason we don't use TACACS is absence of need due
to absence of hierarchy, but I am curious how you deal with that)
More information about the cisco-nsp
mailing list