sonic-utilities icon indicating copy to clipboard operation
sonic-utilities copied to clipboard

Published 20 hours ago verified publisher icon sonic-net

TACACSPLUS_PASSKEY_ENCRYPTION support Part - I

Open nmoray opened this issue 2 years ago • 5 comments

  • What I did Added a support of TACACS passkey encryption feature. Ref. : HLD This PR comprises the encryption logic.

  • How I did it Implemented the feature by following HLD

  • How to verify it `1. Configured TACACS passkey: root@sonic:/# config tacacs passkey

  1. Verified whether passkey is encrypted: root@sonic:/# show runningconfiguration all | grep passkey "passkey": "U2FsdGVkX19kFwDeP3IhgqbLJeed3pXtazJ73FtmD3I="

  2. Verified /etc/pam.d/common-auth-sonic file to validate if the passkey is decrypted correctly [Referred while ssh'ing into the device] root@sonic:~# cat /etc/pam.d/common-auth-sonic | grep secret auth [success=done new_authtok_reqd=done default=ignore auth_err=die] pam_tacplus.so server=:49 secret=<pass_in_plaintext> login=login timeout=5 try_first_pass auth [success=done new_authtok_reqd=done default=ignore auth_err=die] pam_tacplus.so server=:49 secret=<pass_in_plaintext> login=login timeout=5 try_first_pass

  3. Verified passkey is hidden in show tacacs output root@sonic:~# show tacacs TACPLUS global auth_type pap (default) TACPLUS global timeout 5 (default) TACPLUS global passkey configured Yes

  4. Verified user able to login into device with TACACS credentials`

nmoray avatar Oct 25 '23 14:10 nmoray

@nmoray please take care of unit test coverage for PR to be approved.

madhupalu avatar Oct 27 '23 17:10 madhupalu

@nmoray , please fix coverage issue by add new test case:

@azure-pipelines-wrapper coverage.Azure.sonic-utilities.Python3 — Pull Request Coverage

Total: 44 lines Missing: 39 lines Coverage: 11% Threshold: 80%

liuh-80 avatar Nov 02 '23 02:11 liuh-80

@nmoray , please fix coverage issue by add new test case:

@azure-pipelines-wrapper coverage.Azure.sonic-utilities.Python3 — Pull Request Coverage

Total: 44 lines Missing: 39 lines Coverage: 11% Threshold: 80%

@liuh-80 can you please give me some pointers for better understanding of this AUT infra. Like, how to write a new testcase.

nmoray avatar Nov 02 '23 06:11 nmoray

@nmoray , please fix coverage issue by add new test case: @azure-pipelines-wrapper coverage.Azure.sonic-utilities.Python3 — Pull Request Coverage Total: 44 lines Missing: 39 lines Coverage: 11% Threshold: 80%

@liuh-80 can you please give me some pointers for better understanding of this AUT infra. Like, how to write a new testcase.

You can find existing test case and add new test case here: https://github.com/sonic-net/sonic-utilities/blob/master/tests/aaa_test.py

liuh-80 avatar Nov 03 '23 06:11 liuh-80

Reviewers, if you are ok with this PR, please help to approve it. Thanks.

zhangyanzhao avatar Dec 12 '23 16:12 zhangyanzhao