Mailing List Archive

alteon support
On Mon, 25 Jun 2001, Hee-Juan Ho wrote:

> Hi John,
> OK, the alogin manages to login but the 1st command does not execute :
>
> =============== screen shot ===============
> %alogin -c '/info/sys;/cfg/dump' ad3-backbone
> ad3-backbone
> spawn telnet ad3-backbone
> Trying <IP removed>...
> Connected to ad3-backbone.
> Escape character is '^]'.
>
> Enter password:
> ------------------------------------------------------------
> [Main Menu]
> info - Information Menu
> stats - Statistics Menu
> exit - Exit [global command, always available]
>
> >> Main>

^^

okay, alogin is getting an unprivileged login, so it is stalling. it
expects to see >> Main# -- this is probably a bug, it should ideally
finish, but just fail for the /cfg/dump bit (an unpriv'd user can still
/info/sys, kinda like you can't "write term" on a cisco when you're not
enabled). If John reckons this is not the correct behaviour, I'll fix it
:), but I can't dedicate much time over the next day or so..

for now, make sure your .cloginrc has only one password for this device,
the administrator password, e.g.

add password ad3-backbone {adminpassword}

Regards,

--
andrew fort
alteon support
>> okay, alogin is getting an unprivileged login, so it is stalling. it
>> expects to see >> Main# -- this is probably a bug, it should ideally
>> finish, but just fail for the /cfg/dump bit (an unpriv'd user can still
>> /info/sys, kinda like you can't "write term" on a cisco when you're not
>> enabled). If John reckons this is not the correct behaviour, I'll fix it
>> :), but I can't dedicate much time over the next day or so..
>
>you'll have to explain the login scenario. is there a way to "enable"
>once you've logged in with a password other than adminpassword? either
>way, it should be as "fault" tolerant as possible.

cool -- I'll fix the prompt character dependency (to make it like > as well
as #), it'll be a few days though.

Ho's issue was resolved by using the single password only in .cloginrc.

i.e.,

add password ad3-core {priv-user-password}

instead of

add password ad3-core {unpriv-user-password} {priv-user-password}

(the second password is ignored by alogin).

For the record, at least as far as I know, there's no way to enable once
logged in. The password (only) determines your userlevel. This muddies the
issue when you deal with using TACACS+ or RADIUS for user authentication.
SSH without AAA allows you to use any username, the password only being the
key for authentication. Yet another reason for standardisation across
vendors, eh :)

-afort
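
The .cloginrc check described in this thread, as an added example that is not part of the original messages or of the alogin code: it finds Alteon hosts whose effective `add password` entry carries more than one password, without ever printing the passwords. The host list, the sample file content, the use of `fnmatch` to approximate the host pattern matching, and the first-match-wins lookup are assumptions of this sketch.

```python
import fnmatch
import re

# Constructed sample .cloginrc content (not taken from the thread's real file).
SAMPLE = """\
# constructed sample
add password ad3-core {unpriv-user-password} {priv-user-password}
add password ad3-backbone {adminpassword}
add user ad3-* admin
add password *.example.net {vtypw} {enablepw}
"""

# A token is either a {braced group} or a run of non-whitespace characters.
TOKEN = re.compile(r"\{([^}]*)\}|(\S+)")


def password_entries(text):
    """Yield (line_no, host_glob, passwords) for each 'add password' line."""
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = [m.group(1) if m.group(1) is not None else m.group(2)
                  for m in TOKEN.finditer(line)]
        if tokens[:2] == ["add", "password"] and len(tokens) >= 3:
            yield line_no, tokens[2], tokens[3:]


def multi_password_hits(text, alteon_hosts):
    """Return (host, line_no, password_count) for each listed host whose
    first matching entry has more than one password. Passwords themselves
    are never returned, so the report is safe to log."""
    hits = []
    for host in alteon_hosts:
        for line_no, glob, passwords in password_entries(text):
            if fnmatch.fnmatchcase(host, glob):
                if len(passwords) > 1:
                    hits.append((host, line_no, len(passwords)))
                break  # assumption: the first matching entry is the one used
    return hits


if __name__ == "__main__":
    for host, line_no, count in multi_password_hits(
            SAMPLE, ["ad3-core", "ad3-backbone"]):
        print(f"{host}: line {line_no} has {count} passwords; "
              "keep only the administrator password for alogin")
```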