From theoren28 at hotmail.com Thu Dec 25 14:02:03 2008 From: theoren28 at hotmail.com (Oren Nechushtan) Date: Thu, 25 Dec 2008 14:02:03 +0000 Subject: [tac_plus] Tacacs+-F4.0.4-15 bugs/suggestions Message-ID: Hi Guys,Cheers for maintaining the Cisco based tacacs serer code.Here are few suggestions:1. Add a --with-mschap, --with-mschap-des,--with-arap-des option to mschap, with MSCHAP on by default.2. Make '#include arap_des.h' platform dependent in default_fn.c as it is not supported on [older?]linux 3. Apply http://www.axlradius.com/tacacs/docs/TACACSClientGuide/ciscoserverdes.htm patches for MSCHAP/ARAP DES Linux support.4. Potential s-issue: buffer overflow with ARAP and long passwords: (default_fn.c) strcpy(secret,p)-> strncpy(secret,p,sizeof(secret))5. Change default known text (MSCHAP LAN challenge response) in mschap.h to 'KGS!@#$%'Keep on the good work!Oren Nechushtantheoren28 at hotmail.com _________________________________________________________________ Send e-mail anywhere. No map, no compass. http://windowslive.com/oneline/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_anywhere_122008 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20081225/230e49a9/attachment.html From yusri at tm.net.my Mon Dec 29 17:53:22 2008 From: yusri at tm.net.my (Mohd Yusri Mahadi) Date: Tue, 30 Dec 2008 01:53:22 +0800 Subject: [tac_plus] Need Help : tac_plus configuration Message-ID: <031401c969de$578722a0$0200000a@SarahNaufal> Dear tac_plus Support, Just need your expert opinion on the tac_plus configuration file. Is there a way to differentiate 'shared key' between NAS1 and NAS2. For example NAS 1's shared key is 'testabc' and NAS2's shared key is 'testxyz'. I believe that commercial tac_plus has that features. For your info, I'm currently using tac_plus version F4.0.4.15 installed on Solaris 10. And never tried tac_plus before. Thanks. MOHD YUSRI MAHADI -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20081230/198a87a0/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Mohd Yusri Mahadi.vcf Type: text/x-vcard Size: 132 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/tac_plus/attachments/20081230/198a87a0/attachment.vcf From heas at shrubbery.net Tue Dec 30 23:35:22 2008 From: heas at shrubbery.net (john heasley) Date: Tue, 30 Dec 2008 23:35:22 +0000 Subject: [tac_plus] Re: Need Help : tac_plus configuration In-Reply-To: <031401c969de$578722a0$0200000a@SarahNaufal> References: <031401c969de$578722a0$0200000a@SarahNaufal> Message-ID: <20081230233522.GC15194@shrubbery.net> try the host directive. thats the only method I know of. Tue, Dec 30, 2008 at 01:53:22AM +0800, Mohd Yusri Mahadi: > Dear tac_plus Support, > > Just need your expert opinion on the tac_plus configuration file. Is there a way to differentiate 'shared key' between NAS1 and NAS2. For example NAS 1's shared key is 'testabc' and NAS2's shared key is 'testxyz'. I believe that commercial tac_plus has that features. > > For your info, I'm currently using tac_plus version F4.0.4.15 installed on Solaris 10. And never tried tac_plus before. > > > > Thanks. > > > MOHD YUSRI MAHADI > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20081230/198a87a0/attachment.html > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: Mohd Yusri Mahadi.vcf > Type: text/x-vcard > Size: 132 bytes > Desc: not available > Url : http://www.shrubbery.net/pipermail/tac_plus/attachments/20081230/198a87a0/attachment.vcf > _______________________________________________ > tac_plus mailing list > tac_plus at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus