[tac_plus] md5 and tac_plus
Mitch Raful (ITaaS)
mitch.raful at dimensiondata.com
Thu Mar 16 03:36:26 UTC 2017
Ok, I’ve gotten much closer and can totally de-obfuscate the packet and get this…
8 10.163.252.27 : Invalid AUTHEN/START packet (check keys)
Could I also be getting this because the device I am attempting to authenticate with is not permitted in an ACL?
Thanks,
Mitch
Mitch Raful
Sr. Network Engineer
Dimension Data Cloud Business Unit
43490 Yukon Drive
Ashburn, VA 21047
Office: 703-724-8862
Cell: 804-363-0731
From: tac_plus <tac_plus-bounces at shrubbery.net> on behalf of Alan McKinnon <alan.mckinnon at gmail.com>
Date: Wednesday, March 15, 2017 at 5:18 AM
To: "tac_plus at shrubbery.net" <tac_plus at shrubbery.net>
Subject: Re: [tac_plus] md5 and tac_plus
On 15/03/2017 00:22, Mitch Raful (ITaaS) wrote:
> I cannot find a Python based tacacs client. I am attempting to write one on my own and can’t figure out the md5 data obfuscation. How does tac_plus handling that. Does it XOR an md5 hash, and add that hash to the session_id + key, version and sequence, and then again if needed?
Not quite, but you are on the right track.
There are 2 sources I can think of to fins the correct details:
- There's an unapproved RFC out there from Cisco that despite never
moving out of draft status, is still the way the tacacs protocol works.
Usage of the key is in there.
- read the tacacsplus code. I recall reading it once and the relevant
function was easy to find. don;t have a copy of sources handy to lok for
you though.
--
Alan McKinnon
alan.mckinnon at gmail.com
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo/tac_plus
itevomcid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20170316/84f5cec3/attachment.html>
More information about the tac_plus
mailing list