Dirk-Jan van Helmond <c-...@djvh.nl> wrote:

> Don't use RSA authentication for automated processes?

Use local accounts, or if your devices support it, SSH public keys are a handy option.

To be honest you would be crazy to rely just on RSA authentication, as if your RADIUS server is dead you will not be able to log into *any* of your switching infrastructure...oh, your RADIUS server might be dead because of a network issue :)

Also why VoIP is great, no support calls to deal with when there are problems :)

So in short, you *have* to have a local backup account...even if it is only accessible via a serial console server.

> If the authentication isn't being sent plaintext, there is no added
> security in using one time passwords for automated processes.

I have to take grumblings against that. OTPs go a good way to stop bruteforce attacks[1] and also go a long way to *prove* that the person logging in has not had their credentials p0wned.

Cheers

[1] well if you are using naff pincode jobs (RSA or HOTP for example), then maybe it is pointless not but rfc2289 is rather good

-- 
Alexander Clouter
.sigmonster says: Girls are better looking in snowstorms.
                  -- Archie Goodwin
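
Added example, not part of the original message: a sketch of the RFC 2289 hash-chain scheme mentioned in the footnote (MD5 variant, raw 64-bit values rather than the six-word encoding), showing that the verifier stores only the last accepted OTP and that a captured response cannot be replayed. The names `fold_md5`, `otp` and `OtpVerifier` and the sample pass phrase and seed are assumptions made for illustration.

```python
import hashlib
import hmac


def fold_md5(data: bytes) -> bytes:
    """One RFC 2289 step (MD5): hash, then XOR the two 64-bit halves."""
    digest = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def otp(passphrase: str, seed: str, count: int) -> bytes:
    """Generator side: fold H(seed || passphrase), then apply `count` more steps."""
    value = fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(count):
        value = fold_md5(value)
    return value


class OtpVerifier:
    """Verifier side (hypothetical name): keeps the last accepted OTP only."""

    def __init__(self, seed: str, initial_otp: bytes, count: int):
        self.seed, self.last, self.count = seed, initial_otp, count

    def challenge(self):
        """Sequence number and seed the client must answer for."""
        return self.count - 1, self.seed

    def verify(self, candidate: bytes) -> bool:
        if self.count == 0:
            return False  # chain used up, account must be re-initialised
        # One more hash step over a valid response yields the stored value.
        if not hmac.compare_digest(fold_md5(candidate), self.last):
            return False
        self.last, self.count = candidate, self.count - 1
        return True


if __name__ == "__main__":
    # Constructed sample values, not taken from the original message.
    secret, seed = "constructed pass phrase", "sw01x"
    server = OtpVerifier(seed, otp(secret, seed, 100), 100)
    seq, seed = server.challenge()
    response = otp(secret, seed, seq)
    print("first use:", server.verify(response))
    print("replay   :", server.verify(response))
```

Because the stored value is only ever the output of the hash step, reading the verifier's database yields nothing that can be submitted as the next login.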