[tac_plus] tac_plus Logging Security concerns

John Heasley heas at shrubbery.net
Thu Oct 23 14:57:12 UTC 2014


On Oct 23, 2014, at 2:55 AM, Josten, Michael <Michael.Josten at hs-niederrhein.de> wrote:
> 
> Hello,
> 
> I am worried about user input being logged to my tac_plus logfile. I recently compiled version F4.0.4.27a
> under Debian 7.6 to implement PAM functionality. Everything is working well so far, but I took a very close
> look into my /var/log/tacacs/tacacs file after my colleague informed me about him being able to read his
> password in cleartext in the logging file. I did further troubleshooting on various switch models like
> HP ProCurves, Brocade ICX, FCX and MLX switches and even stone-old Enterasys N Series dinosaur switches
> with aaa accounting settings, encryption settings etc. turned off and on. I started the tac_plus daemon with
> several debugging levels and no debugging at all and can't get rid of the password being shown in the logs.

Greetings. It should not log any of that information without enabling debugging. Before trying to disable this logging, did you have any debug options on the command line?

I can test this when I have a terminal in a few hours. 

> Even the secret is shown in cleartext. I posted a failed authentication part of the logfile on pastebin.
> http://pastebin.com/sffJkFJc   just search for the term "bein" that's the part I am talking about.
> 
> Best regards
> Michael Josten
> Mitarbeiter IT-Betrieb
> Hochschule Niederrhein
> KIS - Kommunikations und Informationssysteme Service
> Niederrhein University of Applied Sciences
> Communication and Informationsystems Service
> Reinarzstr. 49
> D - 47805 Krefeld
> Telefon: +49 2151 822 3129
> Fax: +49 2151 822 853123
> Email: michael.josten at hs-niederrhein.de<mailto:michael.josten at hs-niederrhein.de>
> www.hs-niederrhein.de<http://www.hs-niederrhein.de/>
> 

