RE: Silly TACACs mistake

From: Pratt, Jeremy (JPratt@coh.org)
Date: Wed Apr 02 2003 - 19:40:32 GMT-3


The enable secret would come into play if your aaa command was entered
as:
aaa authentication login default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated local
aaa authorization network default group tacacs+ enable
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting network default start-stop group tacacs+

If your tacacs server is operational then you are good. If it's not then
you will have to use password recovery.

-----Original Message-----
From: Brennan_Murphy@NAI.com [mailto:Brennan_Murphy@NAI.com]
Sent: Wednesday, April 02, 2003 11:56 AM
To: ccielab@groupstudy.com
Subject: OT: Silly TACACs mistake

Suppose you placed this config on a router:

aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

and you forgot to include this:

username cisco password cisco

Is password recovery the only way to recover? What
if you also had this:

enable secret ciscosecret

?

thx,
bm




This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:45 GMT-3
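
Added example, not part of the original thread and not a Cisco tool: a small Python check that reads "aaa authentication login" method lists and reports whether any fallback method still has credentials behind it when the TACACS+ group is unreachable. The two sample configs are constructed from the lines quoted in the thread; the function name and the report format are assumptions of this example.

```python
import re

# Constructed inputs: the question's config (enable secret, no username)
# and the reply's variant that falls back to the enable secret.
QUESTION_CFG = """aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ none
enable secret ciscosecret
"""
REPLY_CFG = QUESTION_CFG.replace("tacacs+ local", "tacacs+ enable")

def audit_login_lists(config):
    """Map each 'aaa authentication login' list to (usable, problems):
    fallback methods that can still work with the server down, and
    fallback methods that are named but have nothing behind them."""
    lines = [ln.strip() for ln in config.splitlines()]
    has_user = any(re.match(r"username \S+ .*(password|secret) ", ln) for ln in lines)
    has_enable = any(re.match(r"enable (secret|password) ", ln) for ln in lines)
    report = {}
    for ln in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", ln)
        if not m:
            continue
        tokens, usable, problems = m.group(2).split(), [], []
        i = 0
        while i < len(tokens):
            method = tokens[i]
            if method == "group":      # "group <name>" is the remote server group
                i += 2
                continue
            if method in ("local", "local-case"):
                (usable if has_user else problems).append(method)
            elif method == "enable":
                (usable if has_enable else problems).append(method)
            else:                      # none/line are reported as-is, not checked
                usable.append(method)
            i += 1
        report[m.group(1)] = (usable, problems)
    return report

if __name__ == "__main__":
    for label, cfg in (("question", QUESTION_CFG), ("reply", REPLY_CFG)):
        for name, (usable, problems) in audit_login_lists(cfg).items():
            state = "ok" if usable else "LOCKOUT if TACACS+ is unreachable"
            print(f"{label}: list {name}: usable={usable} empty={problems} -> {state}")
```

Running it against a saved configuration before applying "aaa new-model" shows whether a named fallback has a username or enable secret behind it.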