RE: [cisco-ttl] Is a secret password possible in a dial-up service?

From: Sinan İlkiz <sinan.ilkiz_at_....>
Date: Mon, 30 Apr 2007 13:51:52 +0300


Hello

With FreeRADIUS you don't necessarily have to keep passwords in cleartext. Like this:

mysql> select * from radcheck where username like "%sinani%";

+----+----------+----------------+----+---------------+
| id | UserName | Attribute      | op | Value         |
+----+----------+----------------+----+---------------+
|  2 | sinani   | Crypt-Password | == | yKuoJ6tc51Q62 |
+----+----------+----------------+----+---------------+
1 row in set (0.00 sec)

If you put "Crypt-Password" instead of "Password" in the Attribute field, you are no longer storing the cleartext form. To get the encrypted forms of cleartext passwords, there is a small script inside FreeRADIUS.

...@...:/usr/local/freeradius-1.0.2/scripts# ls -al cryptpasswd
-rwxr-xr-x 1 root root 2158 May 11 2006 cryptpasswd*

You can use this script.

Good luck.

-----Original Message-----
From: cisco-ttl_at_yahoogroups.com [mailto:cisco-ttl_at_yahoogroups.com] On Behalf Of Serdar Gürcan
Sent: Monday, 30 April 2007 09:01
To: cisco-ttl_at_yahoogroups.com
Subject: Re: [cisco-ttl] Is a secret password possible in a dial-up service?

I had installed FreeRADIUS and TACACS+ on a Linux server, but this too keeps users and passwords in unencrypted form. So it does not provide the security level I want.

Also, since the number of users will be at most 200, there is no problem with keeping them on the router.

Thanks for the replies.

2007/4/27, Serhat Uslay <serhat.uslay_at_zurich.com.au>:
>
>
> Another solution is to take the routers out of the "authentication"
> job entirely and do it on an AAA (RADIUS) server. The Cisco router
> hands the job of checking users to the RADIUS server. There are many
> examples of this on the Cisco site.
>
> Serhat

Received on Tue May 01 2007 - 16:10:00 CEST
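
An added example (not part of the thread and not FreeRADIUS code): a small audit over a table in the radcheck layout shown above, reporting which accounts still hold a cleartext password and, going slightly beyond the thread, which crypt scheme the hashed ones use. It runs on constructed rows in an in-memory SQLite database; the attribute names other than "Password" and "Crypt-Password", the helper names and the sample users are assumptions made for illustration.

```python
import re
import sqlite3

# Attributes holding a plain password (assumption: names seen across FreeRADIUS versions).
CLEARTEXT_ATTRS = {"Password", "User-Password", "Cleartext-Password"}
# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars from this alphabet.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
CRYPT_PREFIXES = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}


def classify(attribute, value):
    """Label how a single radcheck row stores the password."""
    if attribute in CLEARTEXT_ATTRS:
        return "cleartext"
    if attribute != "Crypt-Password":
        return "not-a-password"
    for prefix, name in CRYPT_PREFIXES.items():
        if value.startswith(prefix):
            return name
    return "des-crypt" if DES_CRYPT.match(value) else "unrecognised-crypt"


def audit(conn):
    """Map each username to the storage labels of its password rows."""
    report = {}
    query = "SELECT UserName, Attribute, Value FROM radcheck ORDER BY id"
    for user, attr, value in conn.execute(query):
        label = classify(attr, value)
        if label != "not-a-password":
            report.setdefault(user, []).append(label)
    return report


def sample_db():
    """Constructed sample rows in the radcheck layout shown in the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, UserName TEXT, "
                 "Attribute TEXT, op TEXT, Value TEXT)")
    conn.executemany(
        "INSERT INTO radcheck (UserName, Attribute, op, Value) VALUES (?, ?, ?, ?)", [
            ("alice", "Password", "==", "summer2007"),         # cleartext, constructed
            ("bob", "Crypt-Password", "==", "abCDEFGHIJKLM"),  # 13-char shape, constructed
            ("carol", "Crypt-Password", "==", "$6$saltsalt$" + "x" * 86),  # constructed
            ("carol", "Simultaneous-Use", ":=", "1"),          # not a password item
        ])
    return conn


if __name__ == "__main__":
    for user, labels in audit(sample_db()).items():
        print(user, ",".join(labels))
```

Rows labelled "cleartext" are the ones to convert to Crypt-Password; rows labelled "des-crypt" are hashed but use the oldest crypt(3) format.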