[c-nsp] TACACS "emergency" password management
Mark Tinka
mtinka at globaltransit.net
Tue Nov 2 04:35:42 EDT 2010
On Tuesday, November 02, 2010 08:01:13 am David Rothera
wrote:
> We just have two levels, one for the first-line guys who
> can run show commands but no config changes or clearing
> of things and another level for everyone else.
>
> It seems to work pretty well for us and then there is the
> accounting side of being able to point fingers at people
> when things break... :P
I've always wondered why (maybe it's supported and I just
haven't figured out how) RANCID updates don't include the
username of the person that made the changes which caused
the updates in the first place in Cisco, like Juniper does.
I write/understand code for sh**, so I'm not sure whether
this is a limitation in IOS(-**) or RANCID. But having this
for Juniper helps a great deal, as it's much easier to tell
who made the last change(s).
Cheers,
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20101102/092d43f7/attachment.bin>
More information about the cisco-nsp
mailing list