[tac_plus] Issue: Incomplete passwords being accepted

Krux krux at thcnet.net
Mon Mar 2 18:58:21 UTC 2015


If you use PAM for tacacs auth, then it ties back to however you have configured PAM for tacacs.  You can also reference a passwd file.
perl -e 's==UBER?=+y[:-o]}(;->\n{q-yp-y+k}?print:??;-p#)'

On March 2, 2015 10:17:19 AM PST, Matt Almgren <malmgren at skyfire.com> wrote:
>Alan, can you suggest a solution for this behavior (don't want to call
>it a problem, as it seems to be a feature.)
>
>SSH logins to our TACACS server don't seem to have this problem, so I
>assume TACACS is calling this library some place during authentication
>process?
>
>Thanks, Matt
>
>On 2/28/15, 10:01 AM, "Alan McKinnon" <alan.mckinnon at gmail.com> wrote:
>
>>On Sat, 28 Feb 2015 08:29:42 -0800
>>Matt Almgren <malmgren at skyfire.com> wrote:
>>
>>> I never noticed this before, but I see the same 8-character problem
>>> with version F4.0.4.27a  and CentOS 6.4.
>>
>>
>>You will see it on all versions of tac_plus on all distros. The
>>password encryption is done in the crypt() system call which is where
>>DES is implemented.
>>
>>It's not a bug it's a feature, it's just the way DES works. One more
>>reason why you should not use DES for password hashing, superior types
>>exist.
>>
>>Alan
>>_______________________________________________
>>tac_plus mailing list
>>tac_plus at shrubbery.net
>>http://www.shrubbery.net/mailman/listinfo/tac_plus
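An added example, not part of the original thread and not tac_plus code: it shows why traditional DES crypt() accepts any password that shares its first 8 characters with the real one, and audits a passwd-format file (the kind of file mentioned above) for entries still hashed that way. The colon-separated layout with the hash in the second field and the sample entries are assumptions; the hash values are constructed placeholders.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) hash encodings
# (scheme, pattern for the hash field, password cut off at 8 characters?)
SCHEMES = [
    ("des", re.compile(rf"^{B64}{{13}}$"), True),
    ("bsdi-des", re.compile(rf"^_{B64}{{19}}$"), False),
    ("md5", re.compile(r"^\$1\$"), False),
    ("bcrypt", re.compile(r"^\$2[abxy]?\$"), False),
    ("sha256", re.compile(r"^\$5\$"), False),
    ("sha512", re.compile(r"^\$6\$"), False),
]

def des_crypt_key(password: str) -> bytes:
    """Key material traditional DES crypt() derives from a password:
    the low 7 bits of each of the first 8 bytes; the rest is never read."""
    raw = password.encode()[:8].ljust(8, b"\0")
    return bytes((b << 1) & 0xFE for b in raw)

def classify(hash_field: str):
    """Return (scheme name, truncates-at-8 flag) for a crypt(3) hash field."""
    for name, pattern, truncates in SCHEMES:
        if pattern.search(hash_field):
            return name, truncates
    return "unknown", False

def audit_passwd(text: str):
    """Return the users in passwd-format text whose hash is traditional DES."""
    affected = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and classify(fields[1])[1]:
            affected.append(fields[0])
    return affected

# Constructed sample entries; the hash fields are placeholders, not real hashes.
SAMPLE = """\
alice:ab1Xy7Qp0LmNe:1001:1001::/home/alice:/bin/sh
bob:$6$examplesalt$PLACEHOLDERHASH:1002:1002::/home/bob:/bin/sh
carol:!:1003:1003::/home/carol:/bin/sh
"""

if __name__ == "__main__":
    print(des_crypt_key("correcthorse") == des_crypt_key("correcth"))
    print(audit_passwd(SAMPLE))
```

Users reported by `audit_passwd` need a password reset under a non-DES scheme; the stored hash cannot be converted in place.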
