-
Notifications
You must be signed in to change notification settings - Fork 43
tac_plus‐ng: Password encryption
Marc Huber edited this page Jan 31, 2026
·
5 revisions
tac_plus-ng supports Cisco Type 6 encryption for passwords and keys (Cisco Type 7 is supported too, but that's merely obfuscation).
type6-key = demoDemoDemo # or "${MY_TYPE6_KEY_IN_AN_ENVIRONMENT_VARIABLE}"
device ... {
# key = demo
key = 6 'F]V_hCNPYPSKdi^[WG[M]\AWAAB'
}
user ... {
password login = 6 'F]V_hCNPYPSKdi^[WG[M]\AWAAB'
}
The master key can be specified at host or global level, and environment variables are fine, too.
Type 6 encryption is supported in setenv assignments in external and external-mt MAVIS module context, too:
type6-key = "${MY_TYPE6_MASTER_KEY}" # environment variable MY_TYPE6_MASTER_KEY, set to "demo" for testing
mavis module = external {
...
setenv LDAP_PASSWD = "DWa[AI`YVfIEBP\A]\EIDBQ^HhVZhXAAB" # "password"
exec = /usr/local/lib/mavis/mavis_tacplus_ldap.pl
}