Vulnerability Development mailing list archives

Re: TACACS


From: Pawel Krawczyk <kravietz () aba krakow pl>
Date: Fri, 13 Jul 2001 20:52:04 +0200

> Is this normal?  Seems to me like one of the core things you
> try to protect on a WAN are Router passwords... Should Tacacs
> allow you to store in password inside the database in cleartext?

It depends. TACACS+ is used for authenticating users with many protocols,
most notably PAP and CHAP. For PAP you can have the passwords in encrypted
form and validate the user's password in the common Unix manner. On the other
hand, for CHAP, which is a challenge-response protocol, you need to keep
the shared secrets in cleartext.

-- 
Paweł Krawczyk *** home: <http://ceti.pl/~kravietz/>
security: <http://ipsec.pl/>  *** fidonet: 2:486/23
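
The PAP/CHAP storage difference described in the reply above, as an added example that is not part of the original message. It assumes the CHAP response of RFC 1994, MD5(Identifier || secret || Challenge), and uses salted PBKDF2 as a stand-in for the Unix crypt() hash; the function names and the sample password are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for the stand-in password hash


def pap_enroll(password: str) -> bytes:
    """Server record for PAP: salt + one-way hash. No cleartext is kept."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def pap_verify(record: bytes, presented: str) -> bool:
    """PAP delivers the password itself, so the server can re-hash and compare."""
    salt, stored = record[:16], record[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", presented.encode(), salt, ITERATIONS)
    return hmac.compare_digest(stored, candidate)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, stored_secret: bytes,
                challenge: bytes, response: bytes) -> bool:
    """The server must recompute the response, so it needs the secret itself."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = "s3cret-constructed"          # constructed sample value
    record = pap_enroll(password)            # what a hash-only database holds
    challenge = os.urandom(16)               # fresh per authentication attempt
    peer_answer = chap_response(1, password.encode(), challenge)
    return {
        "pap_with_hash_only_db": pap_verify(record, password),
        "chap_with_cleartext_db": chap_verify(1, password.encode(), challenge, peer_answer),
        # A hash-only database cannot reproduce the peer's MD5 input:
        "chap_with_hash_only_db": chap_verify(1, record, challenge, peer_answer),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```

Because the CHAP secret has to be recoverable, the file or database that holds it needs the same access controls as any other cleartext credential store.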

