> At the end of the day, rancid is an automated solution trying to connect to
> devices that require authentication. The details need to be stored somewhere
> on the system that runs rancid, and if they are available to rancid, they are
> available to anyone who can gain rancid's permissions on that system. You
> will probably also want to ensure that you have rancid configured to obscure
> passwords.

Other options, used in combination with command authorization, are to add an external password method to cloginrc that retrieves an OTP or password storage. Per-device passwords, in a password store, are another. None of which really improve the security, IMO. Command authorization is the best improvement.
