I keep finding more places in Solarwinds where CLI credentials are assigned - NCM of course, but also IPAM, and Network Service Assurance.
Solarwinds needs to provide a way to quickly and easily change CLI credentials so we can rotate passwords periodically. These credentials usually have super-user permissions on our devices in order to do their job and must be changed periodically.
Currently, I can only assign a new credential set to nodes in bulk for NCM. But rather than simply changing the password in the Global Connection Profile, I must create a new one and assign it.
It's not clear that changing the password in the Global Connection Profile is picked up by all my nodes using that profile.
Furthermore, when I DID change the account password on my authentication server Solarwinds was essentially causing a DOS to my TACACS+ servers because there were other places where the old credentials were still used that I did not know about and Solarwinds was trying over and over to use the old credentials from these other functions.
This caused a network event that affected other functions also trying to use TACACS+ for authentication. This was very bad.
I've still left the old credentials active so as not to take out our TACACS+ server until I figure out all the places I need to change credentials and am painstakingly trying to change them.
This is very bad security.
ps. the "How to Create a Feature Request" link doesn't work for me.
-Brian
