nanog mailing list archives

Re: The state of TACACS+

From: Michael Douglas <Michael.Douglas () IEEE org>
Date: Mon, 29 Dec 2014 13:38:36 -0500

If someone has physical access to a Cisco router they can initiate a
password recovery; tacacs vs local account doesn't matter at that point.

On Mon, Dec 29, 2014 at 12:28 PM, Colton Conor <colton.conor () gmail com>
wrote:

Glad to know you can make local access only work if TACAS+ isn't
available. However, that still doesn't prevent the employee who know the
local username and password to unplug the device from the network, and the
use the local password to get in. Still better than our current setup of
having one default username and password that everyone knows.

Current thread:

Re: The state of TACACS+, (continued)
- Re: The state of TACACS+ Colton Conor (Dec 29)
  - Re: The state of TACACS+ Scott Helms (Dec 29)
    - Re: The state of TACACS+ Colton Conor (Dec 29)
    - Re: The state of TACACS+ joseph . snyder (Dec 29)
    - Re: The state of TACACS+ Jared Mauch (Dec 29)
    - Re: The state of TACACS+ Scott Helms (Dec 29)
    - Re: The state of TACACS+ Robert Drake (Dec 29)
    - Re: The state of TACACS+ Berry Mobley (Dec 29)
    - Re: The state of TACACS+ Michael Douglas (Dec 29)
    - Re: The state of TACACS+ Colton Conor (Dec 29)
    - Re: The state of TACACS+ Michael Douglas (Dec 29)
    - Re: The state of TACACS+ Tim Raphael (Dec 29)
- RE: The state of TACACS+ emille (Dec 29)
- Re: The state of TACACS+ Clay Curtis (Dec 31)