[tac_plus] tac_plus Logging Security concerns

Josten, Michael Michael.Josten at hs-niederrhein.de
Fri Oct 24 04:55:14 UTC 2014 

Hello,

i think i found the problem. I didn't create the /etc/default file and the daemon always started in debugging mode.
At least in my world this makes sense ;) but what about the secret being shown in the logfile ? Is that a usual behavior ?
Thanks for your help so far.

Best regards
Michael Josten

-----Ursprüngliche Nachricht-----
Von: John Heasley [mailto:heas at shrubbery.net] 
Gesendet: Donnerstag, 23. Oktober 2014 19:14
An: Josten, Michael
Cc: tac_plus at shrubbery.net
Betreff: Re: [tac_plus] tac_plus Logging Security concerns

Thu, Oct 23, 2014 at 07:57:12AM -0700, John Heasley:
> Am Oct 23, 2014 um 2:55 AM schrieb Josten, Michael <Michael.Josten at hs-niederrhein.de>:
> > 
> > Hello,
> > 
> > i am worried about user input being logged to my tac_plus logfile. I 
> > recently compiled version F4.0.4.27a under debian 7.6 to implement 
> > PAM functionality. Everything is working good so far, but I took a 
> > very close look into my /var/log/tacacs/tacacs file after my 
> > colleague informed me about him being able to read his password in 
> > cleartext in the logging file. I did further troubleshooting on 
> > various switch models like HP procurves, Brocade icx, fcx and mlx switches and even stoneold Enterasys N Series dinosaur switches with aaa accounting settings, encryption settings etc. turned off and on. I started the tac_plus daemon with several debugging levels and no debugging at all and can't get rid of the password being shown in the logs.
> 
> Grüßen, It should not log any of that information without enabling debugging. Before trying to disable this logging, did you have any debug options on the command-line?
> 
> I can test this when I have a terminal in a few hours. 

I do not see this logging occuring by default, that is without -d options, on debian 7.7.  Please ensure that you are not using -d (debug) options.

> > Even the secret is show in cleartext. I posted a failed authentication part of the logfile on pastebin.
> > http://pastebin.com/sffJkFJc   just search for the term "bein" that's the part I am talking about.
> > 
> > Best regards
> > Michael Josten
> > Mitarbeiter IT-Betrieb
> > Hochschule Niederrhein
> > KIS - Kommunikations und Informationssysteme Service Niederrhein 
> > University of Applied Sciences Communication and Informationsystems 
> > Service Reinarzstr. 49 D - 47805 Krefeld
> > Telefon: +49 2151 822 3129
> > Fax: +49 2151 822 853123
> > Email: 
> > michael.josten at hs-niederrhein.de<mailto:michael.josten at hs-niederrhei
> > n.de> www.hs-niederrhein.de<http://www.hs-niederrhein.de/>
> > 
> > -------------- next part -------------- An HTML attachment was 
> > scrubbed...
> > URL: 
> > <http://www.shrubbery.net/pipermail/tac_plus/attachments/20141023/5b
> > 60da86/attachment.html> 
> > _______________________________________________
> > tac_plus mailing list
> > tac_plus at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo/tac_plus
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus

More information about the tac_plus mailing list