IBM Support

Secret Server usage with TACACS

White Papers


Abstract

Creating a Secret for TACACS credentials

Content

Generally, customers that are actively using TACACS can continue to rely on that system for managing the passwords for their Cisco devices. When used to its fullest, TACACS is effective at managing the local netadmin password and can provide detailed logging of access to those devices. When TACACS is managing the password, you will not be able to change the local account password from Secret Server.

In these cases, Secret Server can be used to store the admin/root credentials that are used to access TACACS administration. Since these credentials are highly privileged, it makes sense to audit their access in Secret Server and track that their passwords are being changed regularly. The netadmin password can also be stored in Secret Server (using a custom template without password changing) for the same tracking and auditing purposes. You can also set up the netadmin password template to use the PuTTY Launcher so that admins can use it to reach specific devices without the password being revealed.

Product: IBM Security Secret Server; Component: Secret Server usage with TACACS; Platform: Linux; Version: 10.x

Document Information

Modified date:
18 November 2019

UID

ibm11108101