[tac_plus] Issue: Incomplete passwords being accepted

Matt Almgren malmgren at skyfire.com
Mon Mar 2 18:17:19 UTC 2015


Alan, can you suggest a solution for this behavior (don't want to call it
a problem, as it seems to be a feature.)

SSH logins to our TACACS server don't seem to have this problem, so I
assume TACACS is calling this library some place during authentication
process?

Thanks, Matt





On 2/28/15, 10:01 AM, "Alan McKinnon" <alan.mckinnon at gmail.com> wrote:

>On Sat, 28 Feb 2015 08:29:42 -0800
>Matt Almgren <malmgren at skyfire.com> wrote:
>
>> I never noticed this before, but I see the same 8-character problem
>> with version F4.0.4.27a  and CentOS 6.4.
>
>
>You will see it on all versions of tac_plus on all distros. The
>password encryption is done in the crypt() system call which is where
>DES is implemented.
>
>It's not a bug it's a feature, it's just the way DES works. One more
>reason why you should not use DES for password hashing, superior types
>exist.
>
>Alan


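Added example, not part of the original thread and not tac_plus code: a Python sketch of how traditional DES crypt() derives its key, which is why characters past the eighth are accepted without being checked, plus a helper for spotting DES-format hashes in a credential store. The function names and the sample accounts and hashes are constructed for illustration.

```python
import re

DES_MAX = 8  # traditional DES crypt() reads only the first 8 password bytes

def des_crypt_key(password: str) -> bytes:
    """Build the 8-byte DES key the way traditional crypt() does: take the
    low 7 bits of each of the first 8 bytes, shift them into bits 7..1
    (bit 0 is the ignored parity bit), and pad short passwords with NULs."""
    raw = password.encode("utf-8")[:DES_MAX].ljust(DES_MAX, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)

def same_des_hash(a: str, b: str) -> bool:
    """Same key means the same hash for any salt, so either password logs in."""
    return des_crypt_key(a) == des_crypt_key(b)

# Traditional DES crypt output: 2 salt characters + 11 hash characters.
_DES_HASH = re.compile(r"[./0-9A-Za-z]{13}")
# Modular crypt prefixes for the stronger schemes.
_MODULAR = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}

def hash_scheme(stored: str) -> str:
    """Classify a stored crypt() hash by its format."""
    if stored.startswith("$"):
        parts = stored.split("$")
        return _MODULAR.get(parts[1], "modular-other") if len(parts) > 2 else "unknown"
    return "des" if _DES_HASH.fullmatch(stored) else "unknown"

def des_accounts(entries):
    """Return the account names whose stored hash is 8-character-limited DES."""
    return [user for user, stored in entries if hash_scheme(stored) == "des"]

# Constructed sample data (placeholder hashes, not real credentials).
SAMPLE = [
    ("netops", "ab0123456789."),
    ("admin", "$6$constructedsalt$constructeddigest"),
]

if __name__ == "__main__":
    print(same_des_hash("Tr0ub4dor&3-extra", "Tr0ub4do"))  # truncated form matches
    print(des_accounts(SAMPLE))
```

Accounts the helper flags are the ones to re-hash with a scheme that uses the whole password.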