TACACS+ uses an MD5 pad based on the session ID, shared secret, TACACS+
version, and packet sequence number. This is XOR'd over the packet. The
pad is in multiples of the MD5 hash length.

The header is sent in plain text and includes the sequence number, the
session ID and version number.

Encoding and decoding are symmetrical. It is not considered strong encoding.
We're all fortunate RADIUS doesn't use this to encode packets.

Natr Brazell wrote:
> Thanks,
> I'm looking into IPSEC at the moment. I'm curious how TACACS+ does
> their encryption?
> N
>
> On Fri, Aug 6, 2010 at 4:09 PM, Alan DeKok wrote:
> > Natr Brazell wrote:
> > > Is there a way to secure the communication between the radius server and
> > > the NAS especially wrt accounting data?
> >
> > IPSec.
> >
> > Most NASes implement IPv4, and not much else. "Security" means "don't
> > run RADIUS over a network where users have access".
> >
> > Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
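
The pad construction described in the first message of this thread, as an added example that is not part of the original e-mails. The 12-byte header layout, the order of the MD5 inputs and the chaining of each block over the previous one follow RFC 8907 and are assumptions beyond what the message states; the secret, session ID and body are constructed sample values.

```python
import hashlib
import struct

# Header per RFC 8907 (assumed): version, type, seq_no, flags, session_id, length
HEADER = struct.Struct("!BBBBII")

def pseudo_pad(session_id, secret, version, seq_no, length):
    """Chain 16-byte MD5 blocks until the pad covers `length` bytes, then truncate."""
    seed = struct.pack("!I", session_id) + secret + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()  # later blocks also hash the previous block
        pad += prev
    return pad[:length]

def xor_body(body, session_id, secret, version, seq_no):
    """One function encodes and decodes: XOR with the same pad is its own inverse."""
    pad = pseudo_pad(session_id, secret, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_packet(body, session_id, secret, seq_no, version=0xC0, ptype=0x01):
    """Clear-text header followed by the XOR'd body (flags=0 means body is obfuscated)."""
    header = HEADER.pack(version, ptype, seq_no, 0, session_id, len(body))
    return header + xor_body(body, session_id, secret, version, seq_no)

def parse_packet(packet, secret):
    """Read pad inputs from the clear header, then undo the XOR on the body."""
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack(packet[:HEADER.size])
    payload = packet[HEADER.size:]
    if len(payload) != length:
        raise ValueError("header length does not match body size")
    return seq_no, session_id, xor_body(payload, session_id, secret, version, seq_no)

# Constructed sample values, not taken from any real deployment.
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_SESSION = 0x1A2B3C4D
SAMPLE_BODY = b"constructed accounting record for example"

if __name__ == "__main__":
    pkt = build_packet(SAMPLE_BODY, SAMPLE_SESSION, SAMPLE_SECRET, seq_no=1)
    print("header (clear):", pkt[:HEADER.size].hex())
    print("body (XOR'd):  ", pkt[HEADER.size:].hex())
    print("decoded:       ", parse_packet(pkt, SAMPLE_SECRET)[2])
```

Everything the pad depends on except the shared secret travels in the clear header, and nothing in the encoding authenticates the body.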