Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. RANCID>
  3. Users
RANCID indiscretion
rbrewer at lava
Nov 13, 2002, 11:23 AM
Post #1 of 5 (1388 views)
Permalink
I've noticed that for our Juniper M5s, RANCID insists on including
encrypted passwords in email diffs. I know that for some config fields on
some devices, RANCID knows to censor the email, but that doesn't seem to
happen for JUNOS:

retrieving revision 1.186
diff -u -4 -r1.186 foo.lava.net
@@ -216,9 +216,9 @@
full-name Joey;
uid 150;
class wheel;
authentication {
- encrypted-password "$1$ebscb3$snwiqn32HF3k8ncZpqlAknY.";
+ encrypted-password "$1$9skeNalaQpd3$nbs$kyegnSnaRGnzl/";
}
}
user jim {
full-name "Jim Stevens";

Is this something that can be easily fixed? Mahalo.
RANCID indiscretion [ In reply to ]
afort at choqolat
Nov 13, 2002, 1:10 PM
Post #2 of 5 (1383 views)
Permalink
Robert Brewer wrote,

> I've noticed that for our Juniper M5s, RANCID insists on including
> encrypted passwords in email diffs. I know that for some
> config fields on
> some devices, RANCID knows to censor the email, but that
> doesn't seem to
> happen for JUNOS:
>
> Is this something that can be easily fixed? Mahalo.
>

Setting FILTER_PWDS to "ALL" in ./bin/env will do this.

-afort
RANCID indiscretion [ In reply to ]
heas at shrubbery
Nov 13, 2002, 3:47 PM
Post #3 of 5 (1367 views)
Permalink
Thu, Nov 14, 2002 at 08:10:56AM +1100, Andrew Fort:
> Robert Brewer wrote,
>
> > I've noticed that for our Juniper M5s, RANCID insists on including
> > encrypted passwords in email diffs. I know that for some
> > config fields on
> > some devices, RANCID knows to censor the email, but that
> > doesn't seem to
> > happen for JUNOS:
> >
> > Is this something that can be easily fixed? Mahalo.
> >
>
> Setting FILTER_PWDS to "ALL" in ./bin/env will do this.
>
> -afort

true. the passwords that were in the original email were md5; not very
easily reversible and hence included.
RANCID indiscretion [ In reply to ]
mohacsi at niif
Nov 14, 2002, 12:07 AM
Post #4 of 5 (1362 views)
Permalink
On Wed, 13 Nov 2002, Robert Brewer wrote:

> I've noticed that for our Juniper M5s, RANCID insists on including
> encrypted passwords in email diffs. I know that for some config fields on
> some devices, RANCID knows to censor the email, but that doesn't seem to
> happen for JUNOS:

Not the e-mail censored, but the config file can be stored in secured way:
Set up
FILTER_PWDS=ALL; export FILTER_PWDS

in your rancid env file. By default passwords are not filtered.
Janos Mohacsi
RANCID indiscretion [ In reply to ]
heas at shrubbery
Nov 14, 2002, 1:03 PM
Post #5 of 5 (1373 views)
Permalink
Thu, Nov 14, 2002 at 09:07:29AM +0100, Janos Mohacsi:
>
>
> On Wed, 13 Nov 2002, Robert Brewer wrote:
>
> > I've noticed that for our Juniper M5s, RANCID insists on including
> > encrypted passwords in email diffs. I know that for some config fields on
> > some devices, RANCID knows to censor the email, but that doesn't seem to
> > happen for JUNOS:
>
> Not the e-mail censored, but the config file can be stored in secured way:
> Set up
> FILTER_PWDS=ALL; export FILTER_PWDS
>
> in your rancid env file. By default passwords are not filtered.
> Janos Mohacsi
>

by default, only easily reversable passwords are filtered. also see
the NOCOMMSTR variable in evn(5).

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal