Validating tacacs+ reply packets, Validating tacacs+ packet header, Validating tacacs+ authentication reply – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring TACACS or TACACS+ security

The show web command displays the privilege level of Web Management Interface users.

Example

Syntax: show web

Validating TACACS+ reply packets

The individual fields of each TACACS+ reply packet, in both the packet header and the encrypted or
unencrypted packet body, are validated to avoid any system failure caused by processing invalid or
corrupt reply packets. Because the packet body formats differ for authentication, authorization, and
accounting replies, packet body validation is done separately for each type of reply.

Validating TACACS+ packet header

TACACS+ packet header validation checks:

- The minimum length of data (fixed size is 12 bytes) for a valid TACACS+ packet header, before
  reading through individual fields in the header.

- The type field in the received packet header against the type of TACACS+ reply expected from the server.

- The received packet length against the full packet length (header size + length field
  in the packet header).

Table 6 lists all possible error conditions and the corresponding messages for reply packet
header validation.

Validating TACACS+ authentication reply

TACACS+ authentication reply validation checks:

- The minimum length of data (fixed size is 6 bytes) for a valid TACACS+ authentication reply, before
  reading through individual fields in the reply body.

- If the reply packet is decrypted correctly, that the status field received in the reply packet is
  one of the legal values for TACACS+ authentication status.

- If the server-msg length field is present in the reply packet, that the server message is within the
  received packet and is a non-null string.

- If the data length field is present in the reply packet, that the data is within the received packet.

- The full packet length (header size + length field received in the packet header) against the number of
  bytes parsed successfully from the received reply packet.
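
The header and authentication reply checks listed above, written out as an added Python example (it is not Brocade's implementation and not code from this manual). It assumes the RFC 8907 field layout, type and status values, and a reply body that is already in cleartext; the header warnings are the Table 6 strings, while the body error strings and the build_reply helper are made up for illustration.

```python
import struct

HEADER_LEN = 12        # fixed TACACS+ header size
AUTHEN_REPLY_MIN = 6   # status, flags, server_msg_len (2), data_len (2)
TYPE_AUTHEN = 0x01     # header type per RFC 8907 (assumption; not listed on this page)
# Legal authentication reply status values per RFC 8907 (assumption)
AUTHEN_STATUS = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x21}


def validate_header(pkt, expected_type):
    """Return the body length, or raise ValueError with the Table 6 warning."""
    if len(pkt) < HEADER_LEN:
        raise ValueError("Warning: Received invalid TACACS+ packet header")
    _ver, ptype, _seq, _flags, _sess, length = struct.unpack("!BBBBII", pkt[:HEADER_LEN])
    if ptype == 0 or ptype != expected_type:
        raise ValueError("Warning: Received invalid TACACS+ packet type")
    if len(pkt) != HEADER_LEN + length:
        raise ValueError("Warning: Received invalid TACACS+ packet data")
    return length


def validate_authen_reply(pkt):
    """Validate header, then the cleartext authentication reply body."""
    length = validate_header(pkt, TYPE_AUTHEN)
    body = pkt[HEADER_LEN:]
    if length < AUTHEN_REPLY_MIN:
        raise ValueError("authentication reply shorter than 6 bytes")
    status, _flags, msg_len, data_len = struct.unpack("!BBHH", body[:AUTHEN_REPLY_MIN])
    if status not in AUTHEN_STATUS:
        raise ValueError("illegal authentication status")
    off = AUTHEN_REPLY_MIN
    msg = body[off:off + msg_len]          # slicing never reads past the packet
    if len(msg) != msg_len or (msg_len and not msg.strip(b"\x00")):
        raise ValueError("server message outside packet or null")
    off += msg_len
    data = body[off:off + data_len]
    if len(data) != data_len:
        raise ValueError("data outside packet")
    off += data_len
    if off != length:                      # bytes parsed vs. declared length
        raise ValueError("parsed bytes do not match packet length")
    return {"status": status, "server_msg": msg, "data": data}


def build_reply(status, msg=b"", data=b"", ptype=TYPE_AUTHEN):
    """Constructed sample: version 0xC0, seq 2, unencrypted flag, session 1."""
    body = struct.pack("!BBHH", status, 0, len(msg), len(data)) + msg + data
    return struct.pack("!BBBBII", 0xC0, ptype, 2, 0x01, 1, len(body)) + body
```
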

TABLE 6   Reply packet header validation

| Error warning message | Error condition |
|---|---|
| Warning: Received invalid TACACS+ packet header | The received packet size is less than minimum length for TACACS+ reply header |
| Warning: Received invalid TACACS+ packet type | Received packet having invalid or null packet type |
| Warning: Received invalid TACACS+ packet data | The received packet size is not matching data length specified in the packet header |

Brocade#show web
User      Privilege   IP address
set       0           192.168.1.234