how to generate DES key for using with tacacs+ in Fedora 8

cezaronne · 09-26-2008, 02:27 AM

Hi,

I am trying to configure Tacacs+ in Fedora 8.The question is how do I generate the DES key for the user's password:

user = test {

default service = permit

login = des xxxxxxxx

expires = "Sep 1 2009 "

Any ideeas?

Thanks

w3bd3vil · 09-26-2008, 04:46 AM

There should be an option in tacas+ to do that.

If not, you could use a program to build one yourself

Quote:

#!/bin/perl

use Crypt:

ES;

my $key = pack("H16", "0123456789ABCDEF");
my $cipher = new Crypt:

ES $key;
my $ciphertext = $cipher->encrypt("plaintex"); # NB - 8 bytes
print unpack("H16", $ciphertext), "\n";

Have a look here.

Quote:

http://search.cpan.org/~dparis/Crypt-DES-2.05/DES.pm

tikit · 09-26-2008, 07:30 AM

Hi,

try using htpasswd utilily. It comes with apache2-utils package.

cezaronne · 09-29-2008, 05:44 AM

Thanks a lot.Acctually I manage to generate the des key with the generate_passwd utility after a long search .... 'generate_passwd is a program to des encrypt a password like Unix. It prompts for the password to encrypt. You can optionally supply a salt to verify a password.'

cachinho · 10-25-2012, 09:06 AM

Provided by: tacacs+_4.0.4.19-9_i386

NAME
tac_pwd - generate DES encryption of a password

SYNOPSIS
tac_pwd [-eh] [salt]

DESCRIPTION
tac_pwd prompts for a clear-text password and produces a DES encryption
of that password on stdout which may be used in lieu of the clear-text
representation in the tac_plus.conf(5).

The DES salt may be provide as a command-line argument.

COMMAND-LINE OPTIONS
-e Do not echo the plain-text password to the terminal.

-h Display help message.