One loophole is that some places that don't allow unencrypted passwords do allow trusted ssh keys. This doesn't always work, but can on some non-cisco gear this is an option. On a side note, it's important to point out that sometimes it's not the company itself that requires the lack of unencrypted passwords but the auditors from 1. your customers or 2. regulatory commissions. If you encrypt the file system as a whole would this meet the criteria your coworkers have stipulated?<br> - Mark<br><br><b><i>William Yardley <rancid@veggiechinese.net></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> On Thu, Oct 26, 2006 at 11:42:12PM +0200, Arnold Nipper wrote:<br>> On 26.10.2006 23:28 John Dworske wrote<br><br>> > Is there any way getting around using unencrypted passwords in
the<br>> > .cloginrc file ? My co-workers will not let me use rancid unless we<br>> > can come up with something more secure ?<br>> <br>> "chmod 600 .cloginrc" is not secure enough?<br><br>I'm not exactly disagreeing with the sentiments expressed on the list,<br>but just to play devil's advocate.... for one thing, some businesses<br>have to deal with security checklists for various types of compliance,<br>and often there are cookie cutter requirements like "no passwords for X<br>type of device stored in cleartext". Now I think most people here would<br>probably agree that filling out a checklist isn't going to make a<br>network more or less secure, but the fact of the matter is that some<br>corporations care more concerned about saying that they checked that box<br>than about having actual security.<br><br>w<br><br>_______________________________________________<br>Rancid-discuss mailing
list<br>Rancid-discuss@shrubbery.net<br>http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss<br></blockquote><br><p> 
<hr size=1>We have the perfect Group for you. Check out the <a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=41144/*http://groups.yahoo.com/local/newemail.html">handy changes to Yahoo! Groups.</a>