Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re: hard-coding ID & password

by Tuna (Friar)
on Apr 28, 2001 at 07:35 UTC ( [id://76343]=note: print w/replies, xml ) Need Help??


in reply to hard-coding ID & password

Well, this is the first time I've actually seen someone freely admit that their question was a homework assignment/project, etc. I will give you a hint:

I work for a Tier-1 ISP, and have a little program that allows me to automate logging into any of our routers and issue commands. I use it to archive router configs, bgp tables, show diagbus, show ver, etc. It has two login levels; user & enable (privileged). This program needs a config file in the user's directory called .cisco_addresses.username, which contains either level 1 user/passwords or level 1 & level 2 user/passwords. I create these files for users as needed, and make sure that they are readable/writable only by the user. If the user needs to archive the output of commands, then he/she needs another config file, ie rquery_cisco.pl.show-run.user.

That said, I think that hard-coding ID/passswords is risky business. The only reason I need to do it the way I have described, is that we have literally hundreds of routers, most of which have unique user/password combinations. Additionally, only 2 people other than myself (aside from the neteng group) have access to level 2 login privileges.

I agree that in the future, you should phrase your questions using a bit more detail.

Replies are listed 'Best First'.
Re: Re: hard-coding ID & password
by Clownburner (Monk) on Apr 28, 2001 at 23:02 UTC
    May I suggest implementing RADIUS or TACACS for login control? You'd be able to track who was logged in when, and not have to coordinate passwords between routers, making adding/changing/removing users/admins from your system much simpler.

    We have a similar application and it works quite well.

    As for the posters' question, if you're asking how to obscure the passwords in a plain-text file, MD5 is about the best option available, but far from foolproof. Any other option is just a simple "obfuscation" and is easily broken even by script kiddies.
    "Non sequitur. Your facts are un-coordinated." - Nomad

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://76343]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others perusing the Monastery: (5)
As of 2024-05-21 10:52 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found