Open for Voting

2FA for CatTools

Need to add 2FA support for Cattools - Regulators and examiners hav demanded that we enable 2FA on all CISCO equipment, and with it enabled, Cattools will not backup configs anymore.

Source: Case # 01319098

  • Upon further discovery, the 2FA issue inside of Cattools only manifests itself when you run a job with multiple devices piled up in the job. Apparently the Cisco MFA software is slow, and you'll get the auth request for the first device on the authenticating device, but all other subsequent devices fail, and that's why we're getting onesies when we run the bulk job. Experimentation shows that, if you request each device separately, with a time lapse between each device request due to the one-on-one nature of the job, then the 2FA software has enough time to queue the authenticating device and receive the response, and Cattools then backs up the config for that device. Cumbersome, but it works. which means that, instead of one job that gets all devices, I need individual jobs for each device separately, and also includes that I have to trigger each job manually, with an appropriate delay between each job. RFC might need to be amended to insert a dime delay between each item queued in a bulk job, so as to allot enough time for the 2FA process to complete the round-robin approval process for each device.