[tac_plus] Using cli-prompt as a Shared Secret?
Sven Stenson
noreply at skynet.be
Fri May 18 13:00:40 UTC 2018
Hello,
While reading through the code I noticed the following part in the
function read_packet() defined in the file packet.c
------ snip -----
    /* decrypt the data portion */
    tkey = cfg_get_host_key(session.peerip);
    if (tkey == NULL && !STREQ(session.peer, session.peerip)) {
        tkey = cfg_get_host_prompt(session.peer);
    }
    if (tkey == NULL)
        tkey = session.key;
------ snip -----
Could it be that there is a typo in the line "tkey =
cfg_get_host_prompt(session.peer);"? Should this not again be a call to
cfg_get_host_key(), but with session.peer instead of session.peerip as
the argument?
Or is it intended to use the cli-prompt users see after logging into a
network device as 'shared secret' for the communication between the host
and the tacacs server?
regards,
Sven
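
A small model of the key selection quoted in the message above, added here as an illustration and not taken from tac_plus: it runs the lookup as posted next to the variant the question proposes, over a constructed host table. The table, the helper and select_key_* function names, and every key and prompt value are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed host table (hypothetical values): entries keyed by IP or by name. */
struct host_cfg { const char *id, *key, *prompt; };
static const struct host_cfg hosts[] = {
    { "10.0.0.1",         "ip-secret",   NULL },
    { "rtr1.example.net", "name-secret", "example-prompt> " },
    { "sw2.example.net",  "sw2-secret",  NULL },
};

static const struct host_cfg *find_host(const char *id) {
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        if (strcmp(hosts[i].id, id) == 0) return &hosts[i];
    return NULL;
}
static const char *host_key(const char *id) {
    const struct host_cfg *h = find_host(id);
    return h ? h->key : NULL;
}
static const char *host_prompt(const char *id) {
    const struct host_cfg *h = find_host(id);
    return h ? h->prompt : NULL;
}

/* Selection as quoted from read_packet(): the by-name fallback fetches the prompt. */
const char *select_key_as_posted(const char *peer, const char *peerip, const char *global_key) {
    const char *tkey = host_key(peerip);
    if (tkey == NULL && strcmp(peer, peerip) != 0)
        tkey = host_prompt(peer);
    if (tkey == NULL) tkey = global_key;
    return tkey;
}

/* Variant the question proposes: the by-name fallback fetches the host key. */
const char *select_key_by_name(const char *peer, const char *peerip, const char *global_key) {
    const char *tkey = host_key(peerip);
    if (tkey == NULL && strcmp(peer, peerip) != 0)
        tkey = host_key(peer);
    if (tkey == NULL) tkey = global_key;
    return tkey;
}

int main(void) {
    const char *peer = "rtr1.example.net", *peerip = "192.0.2.7";
    printf("as posted: %s\n", select_key_as_posted(peer, peerip, "global-secret"));
    printf("by name:   %s\n", select_key_by_name(peer, peerip, "global-secret"));
    return 0;
}
```

In this model the two variants differ only for peers configured by name: a host with a prompt gets the prompt string as its key, and a host without one falls through to the global key instead of its own.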