password stores?

Shawn Solomon ssolomon at ind.net
Tue Jul 23 18:23:10 UTC 2002


One common solution is a hash based on the cpe site name or some other
unique key provided by the cpe information (address, ph #, etc).
Changing the hash occasionally provides new passwords, and it is all
easily scripted..



-----Original Message-----
From: Daniska Tomas [mailto:tomas at tronet.com] 
Sent: Tuesday, July 23, 2002 2:35 AM
To: nanog at merit.edu
Subject: password stores?


hi,

i'm wondering how large isps offering managed cpe services manage their
password databases.

let's say radius/tacacs is used for normal cpe user aaa, but there is
some 'backup' local user account created on the cpe for situations when
the radius server is unreachable. for security reasons, this backup
account (as well as snmp communities, radius key etc.) is unique per cpe
to avoid frauds caused by end-users (even if one does password recovery
on the cpe, they still don't have the password for other cpe's).

if there are hundreds or thousands of these cpe's that could mean
storing of tens thousands of password. are there any crypto-based
products available or do the people use their own stuff?


thanks

--
 
Tomas Daniska
systems engineer
Tronet Computer Networks
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224111, fax: +421 2 58224199
 
A transistor protected by a fast-acting fuse will protect the fuse by
blowing first.




More information about the NANOG mailing list