[tac_plus] md5 and tac_plus

Mitch Raful (ITaaS) mitch.raful at dimensiondata.com
Wed Mar 15 12:04:33 UTC 2017


I found one of my errors. I was not using the server response’s header for the pseudo_pad to de-obfuscate the packet. However, this is what I get in response:

  9  10.163.255.153 : Invalid Asâ&Ä6¿
iÁP$, Y@\ "vp11½g‘

Any ideas what the tac_plus server is trying to tell me?

Mitch

Mitch Raful
Sr. Network Engineer
Dimension Data Cloud Business Unit
43490 Yukon Drive
Ashburn, VA 21047
Office: 703-724-8862
Cell:     804-363-0731


From: tac_plus <tac_plus-bounces at shrubbery.net> on behalf of Alan McKinnon <alan.mckinnon at gmail.com>
Date: Wednesday, March 15, 2017 at 5:18 AM
To: "tac_plus at shrubbery.net" <tac_plus at shrubbery.net>
Subject: Re: [tac_plus] md5 and tac_plus



On 15/03/2017 00:22, Mitch Raful (ITaaS) wrote:
> I cannot find a Python-based tacacs client. I am attempting to write one on my own and can’t figure out the md5 data obfuscation. How does tac_plus handle that? Does it XOR an md5 hash, and add that hash to the session_id + key, version and sequence, and then again if needed?


Not quite, but you are on the right track.

There are 2 sources I can think of to find the correct details:

- There's an unapproved RFC out there from Cisco that despite never
moving out of draft status, is still the way the tacacs protocol works.
Usage of the key is in there.

- Read the tacacsplus code. I recall reading it once and the relevant
function was easy to find. Don't have a copy of sources handy to look for
you though.

--
Alan McKinnon
alan.mckinnon at gmail.com
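
The pad construction discussed in this thread, as an added Python example that is not part of the original messages and is not tac_plus code. It follows the TACACS+ protocol specification (RFC 8907) and shows why a reply must be de-obfuscated with the fields of the reply's own header; the key, session_id, packet contents and the helper names xor_body and demo are constructed for illustration.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # header flag: body travels in the clear
HEADER = "!BBBB4sI"               # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id: bytes, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5_1 = MD5(session_id, key, version, seq_no); MD5_n also appends MD5_(n-1)."""
    seed = session_id + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]  # truncated to the body length


def xor_body(header: bytes, key: bytes, body: bytes) -> bytes:
    """Obfuscate or de-obfuscate a body with the fields of its own 12-byte header."""
    version, _type, seq_no, flags, session_id, length = struct.unpack(HEADER, header)
    if length != len(body):
        raise ValueError("header length field does not match body size")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body
    pad = pseudo_pad(session_id, key, version, seq_no, length)
    return bytes(b ^ p for b, p in zip(body, pad))


def demo():
    # All values below are constructed for this example.
    key = b"constructed-shared-secret"
    session_id = bytes.fromhex("1a2b3c4d")
    # Authentication REPLY body: status, flags, server_msg_len, data_len, server_msg
    clear = struct.pack("!BBHH", 0x05, 0x01, 10, 0) + b"Password: "
    reply_hdr = struct.pack(HEADER, 0xC0, 0x01, 2, 0, session_id, len(clear))
    wire = xor_body(reply_hdr, key, clear)   # what a server would put on the wire
    right = xor_body(reply_hdr, key, wire)   # pad from the reply's header (seq_no 2)
    stale = pseudo_pad(session_id, key, 0xC0, 1, len(wire))  # pad from the request (seq_no 1)
    wrong = bytes(b ^ p for b, p in zip(wire, stale))
    return clear, right, wrong


if __name__ == "__main__":
    clear, right, wrong = demo()
    print("reply header pad  :", right)
    print("request header pad:", wrong)
```

Nothing in the obfuscation layer detects a wrong key or a wrong header field; the XOR always succeeds and simply yields unreadable bytes.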
