[tac_plus] tac_plus Logging Security concerns

John Heasley heas at shrubbery.net
Thu Oct 23 17:13:33 UTC 2014


Thu, Oct 23, 2014 at 07:57:12AM -0700, John Heasley:
> On Oct 23, 2014 at 2:55 AM, Josten, Michael <Michael.Josten at hs-niederrhein.de> wrote:
> > 
> > Hello,
> > 
> > I am worried about user input being logged to my tac_plus logfile. I recently compiled version F4.0.4.27a
> > under Debian 7.6 to implement PAM functionality. Everything is working well so far, but I took a very close
> > look into my /var/log/tacacs/tacacs file after my colleague informed me about him being able to read his
> > password in cleartext in the logging file. I did further troubleshooting on various switch models like
> > HP ProCurves, Brocade ICX, FCX and MLX switches and even stone-old Enterasys N Series dinosaur switches
> > with aaa accounting settings, encryption settings etc. turned off and on. I started the tac_plus daemon with
> > several debugging levels and no debugging at all and can't get rid of the password being shown in the logs.
> 
> Greetings, it should not log any of that information without enabling debugging. Before trying to disable this logging, did you have any debug options on the command-line?
> 
> I can test this when I have a terminal in a few hours. 

I do not see this logging occurring by default, that is without -d options,
on Debian 7.7.  Please ensure that you are not using -d (debug) options.

> > Even the secret is shown in cleartext. I posted a failed authentication part of the logfile on pastebin.
> > http://pastebin.com/sffJkFJc   just search for the term "bein" that's the part I am talking about.
> > 
> > Best regards
> > Michael Josten
> > Mitarbeiter IT-Betrieb
> > Hochschule Niederrhein
> > KIS - Kommunikations und Informationssysteme Service
> > Niederrhein University of Applied Sciences
> > Communication and Informationsystems Service
> > Reinarzstr. 49
> > D - 47805 Krefeld
> > Telefon: +49 2151 822 3129
> > Fax: +49 2151 822 853123
> > Email: michael.josten at hs-niederrhein.de
> > www.hs-niederrhein.de
> > 
> > _______________________________________________
> > tac_plus mailing list
> > tac_plus at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo/tac_plus

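The check requested in the reply above (make sure the running daemon was not started with -d), as an added example that is not part of the original thread or of the tac_plus sources. It assumes that -d takes a numeric level written as "-d 16" or "-d16", that repeated -d flags are OR'd together, and that the process is named tac_plus; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not tac_plus code): find tac_plus debug flags on a command line.
# Assumptions: -d takes a numeric level, written "-d 16" or "-d16", and
# repeated -d flags are OR'd together by the daemon.

# Print the combined debug level found in a command line; 0 means no -d.
tac_debug_level() (
    set -f                      # no globbing while splitting into tokens
    level=0 expect=0
    for tok in $1; do           # unquoted on purpose: one token per word
        if [ "$expect" -eq 1 ]; then
            expect=0 num=$tok   # this token is the argument of a bare -d
        else
            case $tok in
                -d)   expect=1; continue ;;
                -d?*) num=${tok#-d} ;;
                *)    continue ;;
            esac
        fi
        case $num in ''|*[!0-9]*) continue ;; esac   # not a number: skip
        while [ "${num#0}" != "$num" ] && [ -n "${num#0}" ]; do
            num=${num#0}        # strip leading zeros (avoid octal parsing)
        done
        level=$((level | num))
    done
    echo "$level"
)

# Inspect every running tac_plus process; returns 1 if any has debugging on.
# Assumption: the daemon's process name is exactly "tac_plus".
check_running() {
    rc=0
    for pid in $(pgrep -x tac_plus); do
        lvl=$(tac_debug_level "$(ps -o args= -p "$pid")")
        if [ "$lvl" -ne 0 ]; then
            echo "pid $pid: debug level $lvl enabled, credentials may be logged"
            rc=1
        fi
    done
    return "$rc"
}

# Run with --live to inspect the processes on this host.
if [ "${1:-}" = "--live" ]; then check_running; fi
```

The same function can be pointed at the option string in an init script or defaults file to catch a -d that would come back at the next restart.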
