TACACS+ and hashed passwords in external MS SQL database
06-25-2019 02:09 AM
It seems that CPPM ignores the password type of an external MSSQL authentication source when using TACACS+ as authentication method.
The same authentication source works fine when using Radius as authentication method.
We are trying to perfom an administrators authentication to a router via TACACS+. The credentials are stored in a MSSQL database with MD5(same applies to SHA and SHA265) hashed password:
When authenticating with username and password - the authentication fails
When authentication with username and password-hash - the authentication is successfull
It seems no matter which password type is configured in CPPMs authentication source, the CPPM handles it like a cleartext password.
Is this expected or does anyone have an idea how we can use hashed passwords an do the tacacs+ authentication?