<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Ok, I’ve gotten much closer and can totally de-obfuscate the packet and get this…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> 8 10.163.252.27 : Invalid AUTHEN/START packet (check keys)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Could I also be getting this because the device I am attempting to authenticate with is not permitted in an ACL?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Mitch<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Calibri;color:black">Mitch Raful<br>
Sr. Network Engineer<br>
Dimension Data Cloud Business Unit<br>
43490 Yukon Drive<br>
Ashburn, VA 21047<br>
Office: 703-724-8862<br>
Cell: 804-363-0731</span><span style="font-size:10.5pt;font-family:Calibri;color:black"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-family:Calibri;color:black">From: </span>
</b><span style="font-family:Calibri;color:black">tac_plus &lt;tac_plus-bounces@shrubbery.net&gt; on behalf of Alan McKinnon &lt;alan.mckinnon@gmail.com&gt;<br>
<b>Date: </b>Wednesday, March 15, 2017 at 5:18 AM<br>
<b>To: </b>"tac_plus@shrubbery.net" &lt;tac_plus@shrubbery.net&gt;<br>
<b>Subject: </b>Re: [tac_plus] md5 and tac_plus<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><br>
<br>
On 15/03/2017 00:22, Mitch Raful (ITaaS) wrote:<br>
> I cannot find a Python based tacacs client. I am attempting to write one on my own and can’t figure out the md5 data obfuscation. How does tac_plus handle that? Does it XOR an md5 hash, and add that hash to the session_id + key, version and sequence, and
then again if needed?<br>
<br>
<br>
Not quite, but you are on the right track.<br>
<br>
There are 2 sources I can think of to find the correct details:<br>
<br>
- There's an unapproved RFC out there from Cisco that despite never<br>
moving out of draft status, is still the way the tacacs protocol works.<br>
Usage of the key is in there.<br>
<br>
- read the tacacsplus code. I recall reading it once and the relevant<br>
function was easy to find. don't have a copy of sources handy to look for<br>
you though.<br>
<br>
-- <br>
Alan McKinnon<br>
alan.mckinnon@gmail.com<br>
<br>
_______________________________________________<br>
tac_plus mailing list<br>
tac_plus@shrubbery.net<br>
<a href="http://www.shrubbery.net/mailman/listinfo/tac_plus">http://www.shrubbery.net/mailman/listinfo/tac_plus</a><br>
<br>
<br>
<br>
<o:p></o:p></p>
</div>
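<p class="MsoNormal">Added example, not part of the thread and not tac_plus code: the body obfuscation the quoted question asks about, written as it was later published in RFC 8907, with a length check on the de-obfuscated AUTHEN START body that shows how a wrong key surfaces as a malformed packet. The key, session id, user, port and address are constructed sample values, and the function names are this example's own.</p>

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """Chain MD5 blocks: MD5_1 = MD5(session_id, key, version, seq_no);
    MD5_n hashes the same fields followed by MD5_(n-1)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while length > len(pad):
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]  # truncated to the body length

def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad. The same call de-obfuscates."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_authen_start(user, port, rem_addr, data=b""):
    """AUTHEN START body: 8 fixed bytes, then the four variable fields."""
    # action=LOGIN, priv_lvl=1, authen_type=ASCII, authen_service=LOGIN
    fixed = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), len(data)])
    return fixed + user + port + rem_addr + data

def start_body_is_consistent(body):
    """After de-obfuscation the four length bytes must add up to the body size."""
    return len(body) >= 8 and 8 + sum(body[4:8]) == len(body)

def demo():
    # Constructed sample values, not taken from the thread.
    session_id, version, seq_no = 0x1A2B3C4D, 0xC0, 1
    body = build_authen_start(b"alice", b"tty0", b"192.0.2.10")  # 27 bytes, two MD5 blocks
    wire = obfuscate(body, session_id, b"shared-secret", version, seq_no)
    good = obfuscate(wire, session_id, b"shared-secret", version, seq_no)
    bad = obfuscate(wire, session_id, b"wrong-secret", version, seq_no)
    return body, wire, good, bad

if __name__ == "__main__":
    body, wire, good, bad = demo()
    print("right key:", good == body, start_body_is_consistent(good))
    print("wrong key:", bad == body, start_body_is_consistent(bad))
```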
</body>
</html>