Wednesday, March 12, 2008

tacmd login Credentials

Ever wonder how the ITM 6.1 tacmd command manages the user name and password you enter?

Read on the answer and some security ramifications.

In order to provide the login credentials between multiple calls of tacmd command the login option creates a hidden file in $HOME/.tacmd_$USER.sec on Unix/Linux systems and %USERPROFILE%\.tacmd_%USERNAME%.sec on Windows platforms.

Here are the sample contents of sec file:
{AES256:none:a}SgNLBv6P2FZSs0TGt0kYcntmxlMR13idcuX+N9IwjWcrzCOcCBVg3/GTPuGwbcsiBX5tAe6IXjIWSPtJiAk26/rEdb8HbMenAUF8mV/PB50=

The good news is that the information is encrypted.

Now for the bad news'Any other sessions with the same user account on the host is authorized. For example if there is a shared account on a system, if one person logs in with that system account and then authenticates with a TEMS using tacmd, anyone else with access to the login can now issue tacmd operations without authenticating.


No comments: