Vulnerability Development mailing list archives
Re: TACACS
From: Pawel Krawczyk <kravietz () aba krakow pl>
Date: Fri, 13 Jul 2001 20:52:04 +0200
Is this normal? Seems to me like one of the core things you try to protect on a WAN are Router passwords... Should Tacacs allow you to store in password inside the database in cleartext?
It depends. TACACS+ is used for authenticating users with many protocols, most notably PAP and CHAP. For PAP you can have the passwords in encrypted form and validate user's password in the common Unix manner. On the other hand for CHAP, which is challenge-response protocol, you need to keep the shared secrets in cleartext. -- Paweł Krawczyk *** home: <http://ceti.pl/~kravietz/> security: <http://ipsec.pl/> *** fidonet: 2:486/23
Current thread:
- Re: TACACS Pawel Krawczyk (Jul 19)