[rancid] Alternatives to cleartext password in .cloginrc ?

Lukasz Sokol el.es.cr at gmail.com
Wed May 6 15:05:52 UTC 2015


On 05/05/15 19:38, Matt Almgren wrote:
> 
> 
> 
> What are the available options, if any, to using non-cleartext
> passwords for Rancid in the .cloginrc file?   We also use TAC+ as the
> backend AAA.

I've no TAC+, but

> 
> This wasn’t a huge concern for me until I realized that it goes
> against some of the PCI compliance regulations about storing
> passwords in the clear.

Did you consider rancid over ssh private/public key pairs 
(do your devices support ssh, in the first place)?

> 
> Thanks, Matt
> 

HTH
Lukasz




More information about the Rancid-discuss mailing list