networking-forum.com

All times are UTC - 6 hours [ DST ]



PostPosted: Wed Nov 02, 2011 1:17 am 
New Member

Joined: Wed Nov 02, 2011 12:57 am
Posts: 1
Hello all

Is it possible to encrypt the password provided for the ldap-login-password attribute in the ASA configuration? Our auditor is not comfortable with the LDAP (AD) password appearing in clear text in the configuration.


cheers.


 
PostPosted: Wed Nov 02, 2011 8:41 am 
Ultimate Member

Joined: Thu Nov 04, 2010 9:55 am
Posts: 931
Location: Austin, Tx
Certs: CCNA
I think we just used an "adreader" account that literally only has access to crawl the AD and nothing else. But I'd like to know myself.

_________________
The best part about telling UDP jokes is I don't really care if you get them or not.


 
PostPosted: Wed Nov 02, 2011 9:00 am 
Cisco Inferno

Joined: Mon Jul 10, 2006 12:58 am
Posts: 10201
Location: Seattle
Yeah, it's not possible to encrypt it. I, like Axis, use a very limited account for LDAP authentication, and you should as well. There are only a few privileges it needs.

_________________
Reasonably un-nerdy blog:
americanwerewolfinbelgrade.wordpress.com/


 
PostPosted: Tue Nov 08, 2011 5:21 pm 
Member

Joined: Fri Nov 13, 2009 4:42 pm
Posts: 199
Certs: CCIE R&S
Ditto... I try to make it (the password) look like an MD5 hash too... just so the occasional passerby can't read it.


 
PostPosted: Fri Nov 11, 2011 11:52 am 
Member

Joined: Fri Nov 13, 2009 4:42 pm
Posts: 199
Certs: CCIE R&S
Just saw that if you're running 8.3 there is a 'master passphrase' that you can set to encrypt your "in config" passwords.

key config-key password-encryption <key>


 
PostPosted: Fri Nov 11, 2011 1:11 pm 
Cisco Inferno

Joined: Mon Jul 10, 2006 12:58 am
Posts: 10201
Location: Seattle
willroute4food wrote:
Just saw that if you're running 8.3 there is a 'master passphrase' that you can set to encrypt your "in config" passwords.

key config-key password-encryption <key>


Nice, that's pretty cool, didn't know about that one.

_________________
Reasonably un-nerdy blog:
americanwerewolfinbelgrade.wordpress.com/


 
PostPosted: Fri Nov 11, 2011 1:51 pm 
Ultimate Member

Joined: Thu Nov 04, 2010 9:55 am
Posts: 931
Location: Austin, Tx
Certs: CCNA
Wow ya, I didn't know about that one either... you'd think there would be more info about it since it's a pretty nice update.

_________________
The best part about telling UDP jokes is I don't really care if you get them or not.
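
An added example, not part of any post in this thread: a Python check over an exported ASA configuration that covers the two measures the replies describe, a limited LDAP bind account and the master passphrase. The sample config, the `cn=adreader,` naming rule and the assumption that `password encryption aes` (the command that turns encryption on once the passphrase is set) appears in the exported text are assumptions of this example.

```python
import re
# Constructed sample of an exported ASA config (not taken from the thread).
SAMPLE_CONFIG = """\
aaa-server CORP_AD protocol ldap
aaa-server CORP_AD (inside) host 192.0.2.10
 ldap-login-password PLACEHOLDER-NOT-A-REAL-SECRET
 ldap-login-dn cn=adreader,ou=service,dc=example,dc=com
aaa-server CORP_AD (inside) host 192.0.2.11
 ldap-login-dn cn=Administrator,cn=Users,dc=example,dc=com
 ldap-login-password PLACEHOLDER-NOT-A-REAL-SECRET
"""

HOST_RE = re.compile(r"^aaa-server (\S+) \(\S+\) host (\S+)")

def audit_ldap_binds(config_text):
    """Return (aes_enabled, binds) parsed from ASA config text."""
    aes_enabled, binds, current = False, [], None
    for line in config_text.splitlines():
        # Assumption: this line is present in the export when AES is enabled.
        if line.strip() == "password encryption aes":
            aes_enabled = True
        match = HOST_RE.match(line)
        if match:  # start of an "aaa-server ... host" sub-block
            current = {"group": match.group(1), "host": match.group(2),
                       "bind_dn": None, "has_password": False}
            binds.append(current)
        elif current is not None and line.startswith(" "):
            key, _, value = line.strip().partition(" ")
            if key == "ldap-login-dn":
                current["bind_dn"] = value
            elif key == "ldap-login-password":
                current["has_password"] = True
        else:
            current = None  # an unindented line ends the sub-block
    return aes_enabled, binds

def findings(config_text, expected_dn_prefix="cn=adreader,"):
    """List audit findings; expected_dn_prefix is an assumed naming rule."""
    aes_enabled, binds = audit_ldap_binds(config_text)
    out = []
    if binds and not aes_enabled:
        out.append("LDAP bind password stored without 'password encryption aes'")
    for b in binds:
        dn = (b["bind_dn"] or "").lower()
        if b["has_password"] and not dn.startswith(expected_dn_prefix):
            out.append(f"{b['group']} {b['host']}: unexpected bind DN {b['bind_dn']}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_CONFIG)))
```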


 