On Thu, Sep 21, 2023 at 6:56 AM Jim <mysi...@gmail.com> wrote:
...
> My understanding is a good number of password manager products exists which 
> will handle that,
> and then the only AAA  which  network devices need to be concerned about for 
> Authentication and
> Authorization is  Basic password auth,  which all equipment supports.   And 
> the security problems
> don't arise so much for using the TACACS+ / Tac_plus service Solely for 
> Accounting
> (in addition to basic remote syslog).

it's important to recognize that there's not really any protection
(practical protection) from MITM if
you use a passwd with your ssh connection.

A key'd authentication has these protections, as a quirk of the ssh
protocol... (or a design feature if you wish)
A certificate authenticated session has these same protections.

Reply via email to